pytorch-lightning
Lightning PyPI wheel bundled Shai-Hulud credential stealer
The Mini Shai-Hulud campaign compromised the lightning PyPI package: malicious versions 2.6.2 and 2.6.3 bundled a hidden _runtime directory. On import, the package started a daemon thread that downloaded the Bun JavaScript runtime from GitHub releases and executed an 11 MB obfuscated _runtime/router_runtime.js payload. StepSecurity reported credential theft, harvesting of environment variables and cloud secrets, exfiltration through the GitHub API using the victim's own credentials, and poisoning of npm tarballs on the developer machine.
- Date
- 2026-04-30
- Category
- Open Source
- Target Surface
- Package registry
- Insertion Phase
- distribution
- Impact
- Credential theft
- Cause
- Compromised Account/Credentials
What Was Affected
- Package
- pytorch-lightning
- Language
- Python
- Component
- Library
- Artifact type
- wheel
- Domain type
- package host
- Domain
- pypi.org
- Repository
- github.com/Lightning-AI/pytorch-lightning
Compromised Versions
Incident Context
- Motive
- Credential Theft
- Attribution
- Advanced Persistent Threat
- Transitive
- Yes
- User Impact
- 0
- Observed Duration
- 0 days
Evidence
Compromised Artifacts
Current Artifacts and Analysis
- dir:_runtime/
- file:_runtime/start.py
- file:_runtime/router_runtime.js
- url:https://github.com/oven-sh/bun/releases/
- marker:router_runtime.js
- marker:GitHub API exfiltration
- marker:npm tarball poisoning
External References
Source Data
Source record: oss/pytorch-lightning/meta.yaml