RC RANDOM CHAOS

PyTorch Lightning and intercom-client poisoned in Mini Shai-Hulud supply chain wave

· via The Hacker News

Original source: "PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials" (The Hacker News)

Attackers pushed malicious 2.6.2 and 2.6.3 releases of PyTorch Lightning to PyPI on April 30, 2026, hiding a downloader and an 11MB obfuscated JavaScript payload (router_runtime.js) that runs the moment the lightning module is imported. The payload pulls down the Bun runtime, then sweeps the host for GitHub tokens, npm credentials, SSH keys, cloud and Kubernetes secrets, .env files, and Docker credentials. Validated GitHub tokens are reused to inject worm-like commits across up to 50 branches in every writable repository, with the commits forged under an identity impersonating Anthropic's Claude Code. A second propagation path rewrites local npm packages with a postinstall hook, bumps the patch version, and repacks the tarball so that any subsequent publish carries the malware downstream.

The campaign, attributed to TeamPCP and tracked as Mini Shai-Hulud, also compromised intercom-client 7.0.4 on npm and intercom/intercom-php 5.0.2 on Packagist using the same Bun-launched credential stealer, exfiltrating to zero.masscan.cloud with a fallback that creates public GitHub repositories titled "A Mini Shai-Hulud has Appeared." Intercom traced its compromise to pyannote-audio pulling the poisoned Lightning release as a transitive dependency: concrete evidence that the waves are chaining across ecosystems rather than running as independent intrusions. The intercom-client publish came from a hijacked maintainer account ("nhur") via a now-deleted branch that tripped an automated CI publish workflow.

PyPI quarantined and then deleted the malicious Lightning versions; 2.6.1 is the last clean release. Anyone who installed 2.6.2 or 2.6.3 should remove them, downgrade, and rotate every credential the affected environment touched: GitHub, npm, cloud, SSH, Kubernetes, Vault. The pattern (install-time execution, Bun loader, obfuscated router_runtime.js, GitHub-based propagation) now spans npm, PyPI, and Packagist, and earlier victims include Checkmarx, Bitwarden, Telnyx, LiteLLM, and Trivy.
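The three paragraphs above give a defender four concrete things to look for: the poisoned package versions, the router_runtime.js dropper, the exfiltration host and repository title, and the npm postinstall propagation hook. The script below is an added example written for this summary, not code from The Hacker News, PyTorch Lightning, Intercom or any other project mentioned. It takes only the indicators the summary names (the versions, the file name, zero.masscan.cloud, the repo title) and turns them into checks over a requirements file, a package-lock.json, a package.json and a directory tree. The function names, the distribution names `lightning` and `pytorch-lightning`, and all sample inputs are assumptions and constructed data, not material from the article.

```python
"""Audit a checkout or environment for the Mini Shai-Hulud indicators named above.

Added example, not code from the article or from any affected project. The
indicator values come from the summary; the function names, the PyPI
distribution names and every sample input below are constructed.
"""
import os
import re
import tempfile

# Package releases the summary identifies as malicious, keyed by ecosystem.
# Assumption: the PyPI distributions are published as "lightning" and
# "pytorch-lightning"; adjust if your lock files use another name.
BAD_VERSIONS = {
    "pypi": {"lightning": {"2.6.2", "2.6.3"}, "pytorch-lightning": {"2.6.2", "2.6.3"}},
    "npm": {"intercom-client": {"7.0.4"}},
    "packagist": {"intercom/intercom-php": {"5.0.2"}},
}

# File-level indicators from the summary: the dropper's file name, the
# exfiltration host and the title of the fallback GitHub repositories.
IOC_FILENAMES = {"router_runtime.js"}
IOC_STRINGS = (b"zero.masscan.cloud", b"A Mini Shai-Hulud has Appeared")

# Propagation pattern: a postinstall hook that launches Bun or the dropper.
POSTINSTALL_PATTERNS = {
    "bun": re.compile(r"\bbun\b"),
    "router_runtime.js": re.compile(r"router_runtime\.js"),
}


def flag_pinned_requirements(text: str) -> list[tuple[str, str]]:
    """Return (name, version) pairs from requirements.txt lines pinned to a bad release."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)$", line)
        if not m:
            continue  # unpinned or non-requirement line; nothing to compare
        name = m.group(1).lower().replace("_", "-")
        if m.group(2) in BAD_VERSIONS["pypi"].get(name, set()):
            hits.append((name, m.group(2)))
    return hits


def flag_package_lock(lock: dict) -> list[tuple[str, str]]:
    """Scan a lockfileVersion 2/3 package-lock.json 'packages' map for bad npm versions."""
    hits = []
    for path, meta in lock.get("packages", {}).items():
        # Keys look like "node_modules/<name>" (possibly nested); "" is the root package.
        name = path.rsplit("node_modules/", 1)[-1] if path else lock.get("name", "")
        if meta.get("version", "") in BAD_VERSIONS["npm"].get(name, set()):
            hits.append((name, meta["version"]))
    return hits


def postinstall_indicators(pkg: dict) -> list[str]:
    """Return which propagation indicators a package.json postinstall hook matches."""
    cmd = pkg.get("scripts", {}).get("postinstall", "")
    return [label for label, rx in POSTINSTALL_PATTERNS.items() if rx.search(cmd)]


def scan_tree(root: str) -> list[tuple[str, str]]:
    """Walk root and report files whose name or first 4 MiB carry an indicator."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            if fn in IOC_FILENAMES:
                findings.append((full, "indicator filename"))
                continue
            try:
                with open(full, "rb") as fh:
                    data = fh.read(4 * 1024 * 1024)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for s in IOC_STRINGS:
                if s in data:
                    findings.append((full, "contains " + s.decode()))
                    break
    return sorted(findings)


# Constructed sample inputs (not real project files).
SAMPLE_REQUIREMENTS = "torch==2.3.0\nlightning==2.6.2  # transitive pin\npyannote.audio==3.1.1\n"
SAMPLE_LOCK = {"name": "app", "packages": {
    "": {"version": "1.0.0"},
    "node_modules/intercom-client": {"version": "7.0.4"},
    "node_modules/left-pad": {"version": "1.3.0"}}}
SAMPLE_PKG = {"name": "internal-lib", "version": "1.2.4",
              "scripts": {"postinstall": "bun router_runtime.js"}}


def demo_tree_scan() -> list[str]:
    """Build a constructed directory tree in a temp dir and return the scan reasons."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "node_modules", "foo"))
        os.makedirs(os.path.join(root, "site-packages", "lightning"))
        with open(os.path.join(root, "node_modules", "foo", "index.js"), "wb") as fh:
            fh.write(b"fetch('https://zero.masscan.cloud/x')")  # constructed content
        with open(os.path.join(root, "site-packages", "lightning", "router_runtime.js"), "wb") as fh:
            fh.write(b"/* constructed placeholder, not the real payload */")
        with open(os.path.join(root, "site-packages", "lightning", "__init__.py"), "wb") as fh:
            fh.write(b"# clean file\n")
        return [reason for _, reason in scan_tree(root)]


if __name__ == "__main__":
    print(flag_pinned_requirements(SAMPLE_REQUIREMENTS))
    print(flag_package_lock(SAMPLE_LOCK))
    print(postinstall_indicators(SAMPLE_PKG))
    print(demo_tree_scan())
```

In a real audit, feed `flag_pinned_requirements` the output of `pip freeze`, load the project's package-lock.json and each package.json into `flag_package_lock` and `postinstall_indicators`, and point `scan_tree` at site-packages and node_modules. Any hit is a reason to treat every credential on that host as exposed, which is the rotation step the summary describes; the `bun` postinstall heuristic will also match legitimate Bun-based packages, so it is a prompt for review rather than proof of compromise.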


This is an AI-generated summary. Read the original for the full story.