Skip to content
Tech News
← Back to articles

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

2026-04-30 | original
read original get PyTorch Lightning T-Shirt → more articles
Why This Matters

The discovery of Shai-Hulud themed malware in the widely-used PyTorch Lightning library highlights the ongoing risks of supply chain attacks in the AI and machine learning ecosystem. This incident underscores the importance for developers and organizations to vigilantly monitor dependencies and implement robust security measures to protect sensitive data and infrastructure. As AI frameworks become more integral to various applications, safeguarding these tools is crucial to prevent widespread exploitation.

Key Takeaways

The PyPI package 'lightning', a widely-used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3 published on April 30, 2026. Teams building image classifiers, fine-tuning LLMs, running diffusion models, or developing time-series forecasters frequently have lightning somewhere in their dependency tree.

Running pip install lightning is all that is needed to activate. The malicious versions contain a hidden _runtime directory with obfuscated JavaScript payload that executes automatically upon module import. The attack steals credentials, authentication tokens, environment variables, and cloud secrets, while also attempting to poison GitHub repositories. It has Shai-Hulud themes including creating public repositories called EveryBoiWeBuildIsaWormBoi.

We believe that this attack is the work of the same threat actor behind the mini Shai-Hulud campaign. The IOC structure is consistent with that operation: the malicious commit messages follow the same Dune-themed naming convention, with this campaign using the prefix EveryBoiWeBuildIsAWormyBoi to distinguish it from the original Mini Shai-Hulud attack.

Affected Packages

- lightning version 2.6.2

- lightning version 2.6.3

For Semgrep Customers

Semgrep has an advisory and rule to cover this so you can find to check your projects.

Trigger a new scan if you haven't recently on your projects. Check the advisories page to see if any projects have installed these package versions recently: https://semgrep.dev/orgs/-/advisories Check your dependency filter for matches. If you see “No matching dependencies” you are not actively using the malicious dependency in any of your projects. If you did match, additional advice on remediation and indicators of compromise are below.

If you matched: Also audit your repositories for the injected files listed in the IOCs below (.claude/ and .vscode/ directories with unexpected contents), and rotate any GitHub tokens, cloud credentials, or API keys that may have been present in the affected environment.

... continue reading

Explore topics: pytorch lightning shai-hulud github supply chain attack javascript payload
Related:
Why OpenAI's 'goblin' problem matters — and how you can release the goblins on your own
Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
Microsoft beats on top and bottom lines with 40% Azure growth
Reverse Engineering With AI Unearths High-Severity GitHub Bug
OpenAI Codex system prompt includes explicit directive to "never talk about goblins"

© 2026 GoKawiil

About | Editorial Policy | Contact