
Backdoored PyTorch Lightning Package Distributes Credential Stealer via Supply‑Chain Attack

A tampered PyTorch Lightning library on PyPI contains a hidden credential‑stealer that activates on import, threatening AI/ML workloads across tech and SaaS firms. TPRM teams must verify package integrity, rotate exposed secrets, and enforce SBOM controls.

LiveThreat™ Intelligence · 📅 May 10, 2026 · 📰 securityaffairs.com
Severity: High · Type: ThreatIntel · Confidence: High · Affected: 3 sector(s) · Actions: 3 recommended · Source: securityaffairs.com

What Happened — A malicious version of the popular open‑source PyTorch Lightning library was published to the Python Package Index (PyPI). The tampered package contains a hidden credential‑stealing module that activates on import, exfiltrating SSH keys, cloud API tokens, and other secrets to a command‑and‑control server.

Why It Matters for TPRM

  • Third‑party code libraries are a common attack surface for supply‑chain compromises, affecting any organization that integrates the library into production pipelines.
  • Credential theft can lead to lateral movement across cloud environments, exposing sensitive data and critical workloads.
  • The incident highlights the need for strict software‑bill‑of‑materials (SBOM) controls and runtime integrity monitoring.

Who Is Affected — Technology & SaaS firms, AI/ML research labs, cloud‑native enterprises, and any organization that builds or deploys Python‑based ML workloads.

Recommended Actions

  • Immediately audit all environments for the malicious PyTorch Lightning version: compare each installed version and the hash of the installed artifact against known-good values rather than trusting the package name alone.
  • Rotate any credentials potentially harvested (SSH keys, cloud tokens, API secrets).
  • Enforce signed package verification and implement automated SBOM checks for all third‑party dependencies.

Technical Notes — The malicious code is delivered by a post‑install script hooked into pip's install step through the setuptools entry‑point mechanism. It contacts a hard‑coded C2 domain over HTTPS and exchanges base64‑encoded payloads. No public CVE has been assigned; the attack vector is a compromised third‑party dependency. Source: Security Affairs Malware Newsletter Round 96
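One defender-side check for the delivery mechanism described in the Technical Notes, and for the audit action above, as an added example that is not part of this brief or of the Security Affairs reporting: it opens a source distribution, parses its top-level setup.py with the `ast` module, and reports any `cmdclass` entry that overrides a setuptools command pip executes during installation. The sdists it scans are constructed in memory, and `HOOKED_COMMANDS` is an assumed watchlist, not something the brief names.

```python
import ast
import io
import tarfile

# cmdclass overrides of these setuptools commands execute during `pip install` (assumed watchlist)
HOOKED_COMMANDS = {"install", "develop", "egg_info", "build_py"}

def find_install_hooks(setup_py: str) -> list:
    """List every cmdclass key passed to setup() that overrides a command pip runs."""
    findings = []
    for node in ast.walk(ast.parse(setup_py)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "setup":  # handles both setup(...) and setuptools.setup(...)
            continue
        for kw in node.keywords:
            if kw.arg != "cmdclass" or not isinstance(kw.value, ast.Dict):
                continue
            for key in kw.value.keys:
                if isinstance(key, ast.Constant) and key.value in HOOKED_COMMANDS:
                    findings.append(f"cmdclass overrides '{key.value}' (runs during pip install)")
    return findings

def scan_sdist(sdist_bytes: bytes) -> list:
    """Scan the top-level setup.py of an sdist tarball; an sdist without one yields no findings."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if member.isfile() and member.name.count("/") == 1 and member.name.endswith("/setup.py"):
                source = tar.extractfile(member).read().decode("utf-8", "replace")
                return find_install_hooks(source)
    return []

def make_sdist(setup_py: str) -> bytes:
    """Build a minimal in-memory sdist (constructed fixture, not a real package)."""
    buf, data = io.BytesIO(), setup_py.encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("pkg-1.0/setup.py")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed fixtures: one sdist with an install-time hook, one without.
HOOKED_SDIST = make_sdist(
    "from setuptools import setup\nfrom setuptools.command.install import install\n"
    "class PostInstall(install):\n    def run(self):\n        install.run(self)\n"
    "setup(name='pkg', version='1.0', cmdclass={'install': PostInstall})\n")
CLEAN_SDIST = make_sdist("from setuptools import setup\nsetup(name='pkg', version='1.0')\n")
```

Run `scan_sdist()` over every sdist fetched by a build before it is installed; a non-empty result is a reason to hold the artifact for review, not proof of compromise, since some legitimate packages also customise install commands.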

📰 Original Source
https://securityaffairs.com/191911/malware/security-affairs-malware-newsletter-round-96.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.