
Supply Chain Attacks Target PyTorch Lightning and Intercom-client: Credential Theft Campaign Unveiled

Attackers compromised PyTorch Lightning and Intercom-client packages to steal credentials. Two malicious Lightning versions (2.6.2, 2.6.3) were published April 30, 2026. Learn techniques, impact, and mitigation.

Ipassact · 2026-05-02 09:41:26 · Cybersecurity

Introduction

In a disturbing escalation of software supply chain threats, attackers have successfully compromised two widely-used Python packages—PyTorch Lightning and Intercom-client—to distribute malicious versions that steal credentials. According to security firms Aikido Security, OX Security, Socket, and StepSecurity, the campaigns were executed with precision, targeting developers and organizations relying on these tools. This article breaks down the incidents, the techniques used, and how to stay protected.


The Attack on PyTorch Lightning

PyTorch Lightning, a popular deep learning framework wrapper, was hit by a credential-stealing campaign. The attackers managed to publish two malicious versions—2.6.2 and 2.6.3—on April 30, 2026. These versions were designed to appear legitimate but contained hidden code that extracted sensitive data such as API keys and environment variables from infected systems.

How the PyTorch Lightning Compromise Worked

The malicious versions were uploaded to the official Python Package Index (PyPI) under the same package name. Users who installed either version via pip install pytorch-lightning between the release date and the takedown were at risk. The payload, embedded in the package's setup script, executed during installation, collecting credentials and exfiltrating them to a remote server. The attack leveraged the trust developers place in popular open-source packages, making it a classic supply chain infiltration.

The Intercom-client Compromise

Concurrently, the Intercom-client package—used to integrate Intercom's customer messaging API—was also targeted. While fewer details are publicly available, security researchers confirmed that the package was compromised in a similar fashion. Attackers injected credential-stealing logic into a legitimate version, aiming to harvest login credentials, API tokens, and other secrets from development environments.

Similarities and Differences

Both attacks share the same objective: credential theft. However, the PyTorch Lightning campaign involved two consecutive malicious version releases, whereas the Intercom-client attack appears to have been a single poisoned update. The attackers likely chose these packages due to their high download counts and integration in sensitive workflows.

Techniques Used in the Campaign

Security analysts from OX Security and StepSecurity identified several common techniques:

  • Typosquatting and domain spoofing – Attackers registered similar-looking package names to trick users.
  • Code obfuscation – The malicious payload was hidden using base64 encoding and string manipulation.
  • Environment variable scraping – The script scanned os.environ for keys like API_KEY, SECRET_TOKEN, and PASSWORD.
  • Dependency confusion – Exploiting internal package management misconfigurations to pull malicious versions.

These methods are increasingly common in modern supply chain attacks, as highlighted by Socket and Aikido Security in their respective reports.
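As a defender-side complement to the techniques listed above, the following is an added example (not code from the article or from any of the named vendors) that statically scans a package's setup.py for the install-time indicators described: enumeration of os.environ, decoding of embedded encoded data, and imports of network modules. The indicator names and both fixtures are this example's own constructions.

```python
import ast
from typing import List

# Indicator sets drawn from the techniques above; these are this example's own choices.
DECODE_FUNCS = {"b64decode", "decodebytes", "a85decode"}
NETWORK_ROOTS = {"urllib", "requests", "socket", "http", "httpx"}

def _is_os_environ(node: ast.AST) -> bool:
    # Matches the attribute expression `os.environ` wherever it appears
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def scan_setup_source(src: str) -> List[str]:
    """Static scan of setup.py source; returns one finding per suspicious node."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if _is_os_environ(node):
            findings.append(f"line {node.lineno}: reads os.environ at install time")
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr in DECODE_FUNCS):
            findings.append(f"line {node.lineno}: decodes embedded encoded data")
        elif isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_ROOTS:
                    findings.append(f"line {node.lineno}: imports network module {alias.name}")
        elif isinstance(node, ast.ImportFrom) and (node.module or "").split(".")[0] in NETWORK_ROOTS:
            findings.append(f"line {node.lineno}: imports network module {node.module}")
    return findings

# Constructed fixtures: an ordinary setup.py and one carrying all three indicators.
CLEAN_SETUP = """\
from setuptools import setup
setup(name="example", version="1.0.0", packages=["example"])
"""
SUSPICIOUS_SETUP = """\
import base64, os
import urllib.request
from setuptools import setup
snapshot = dict(os.environ)
blob = base64.b64decode("aGVsbG8=")
setup(name="example", version="2.6.2")
"""

if __name__ == "__main__":
    for finding in scan_setup_source(SUSPICIOUS_SETUP):
        print(finding)
```

A static scan of this kind is a triage aid, not proof of safety: string-built attribute access or a payload staged outside setup.py will not trip these checks, so treat a clean result as "nothing obvious" rather than "benign".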


Impact and Mitigation

Who Is Affected

Any developer or organization that installed PyTorch Lightning v2.6.2 or v2.6.3 or a compromised version of Intercom-client between late April and early May 2026 is potentially affected. The stolen credentials could lead to unauthorized access to cloud services, databases, and source code repositories.

Steps to Mitigate

  1. Immediately rotate all credentials – API keys, database passwords, and any secrets stored in environment variables should be regenerated.
  2. Audit your dependencies – Check your requirements.txt or Pipfile for the affected versions and remove them.
  3. Use package verification tools – Employ software composition analysis (SCA) tools like those from Socket or OX Security to detect malicious packages.
  4. Enable two-factor authentication – Turn it on for all critical accounts and services to add an extra layer of security.
  5. Monitor for suspicious activity – Review logs for unusual API calls or login attempts.
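The dependency audit in step 2 can be scripted. The block below is an added example (not from the article or any vendor tool) that parses a requirements.txt, normalises package names as PyPI does, and reports pins of the two malicious PyTorch Lightning versions named above; because the article gives no version for the Intercom-client compromise, any pin of that package is reported for manual verification. The sample file and its version numbers other than 2.6.2/2.6.3 are constructed.

```python
import re
from typing import Dict, List, Set, Tuple

# Versions named in the article. The Intercom-client poisoned version is not
# given, so any pin of that package is reported for manual verification.
MALICIOUS_VERSIONS: Dict[str, Set[str]] = {
    "pytorch-lightning": {"2.6.2", "2.6.3"},
    "intercom-client": set(),
}

# PEP 503 normalisation: case-insensitive, runs of "-", "_", "." collapse to "-"
def normalize(name: str) -> str:
    return re.sub(r"[-_.]+", "-", name).lower()

# Matches "name[extras]==version", optionally followed by markers or a comment
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)")

def parse_requirements(text: str) -> List[Tuple[str, str]]:
    """Return (normalised name, version) for every '==' pin; other lines are skipped."""
    pins = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank line or pip option (-r, -e, --index-url)
            continue
        m = PIN_RE.match(line)
        if m:
            pins.append((normalize(m.group(1)), m.group(3)))
    return pins

def audit(text: str) -> List[str]:
    """One finding per pin that matches a package named in the campaign."""
    findings = []
    for name, version in parse_requirements(text):
        bad = MALICIOUS_VERSIONS.get(name)
        if bad is None:
            continue
        if version in bad:
            findings.append(f"{name}=={version}: known malicious release, remove it and rotate credentials")
        elif not bad:
            findings.append(f"{name}=={version}: package named in the campaign, verify the version against the advisory")
    return findings

# Constructed sample file (not from any real project); 4.1.0 is a made-up version.
SAMPLE = """\
torch==2.3.0
PyTorch_Lightning[extra]==2.6.2  # pinned on Apr 30
intercom-client==4.1.0
-r base.txt
pytorch-lightning==2.6.1
"""
```

The output of pip freeze uses the same line format, so feeding it to audit() checks an installed environment rather than a manifest.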

Conclusion

Supply chain attacks continue to evolve, with threat actors leveraging trusted packages like PyTorch Lightning and Intercom-client to steal credentials. The security community, including Aikido Security, OX Security, Socket, and StepSecurity, has responded swiftly to identify these threats. Developers must remain vigilant, adopt rigorous dependency management practices, and regularly update their security posture. For more details on protecting your software supply chain, refer to our mitigation steps above.
