- Threat actors published two malicious versions of the popular Python package Lightning (2.6.2 and 2.6.3) on April 30, 2026, as part of a supply chain attack.
- The malware automatically executes on import to steal credentials and uses stolen GitHub tokens to inject a worm-like payload into up to 50 branches of accessible repositories.
- The PyPI repository has quarantined the project, and users are advised to block the malicious versions, downgrade to version 2.6.1, and rotate all exposed credentials.
- The campaign is an extension of the Mini Shai-Hulud supply chain incident and has also compromised the npm package intercom-client.
In a significant supply chain attack on April 30, 2026, threat actors compromised the popular Python Package Index (PyPI) package Lightning to push two malicious versions designed for credential theft, according to reports from Aikido Security and Socket. The campaign appears to be an extension of the Mini Shai-Hulud incident that recently targeted SAP-related npm packages.
The malicious versions, 2.6.2 and 2.6.3, automatically run a hidden script when the Lightning module is imported. Consequently, this triggers a chain that downloads an obfuscated JavaScript payload to harvest credentials comprehensively from the infected system.
Socket noted the malware validates stolen GitHub tokens and then uses them to inject a payload into repositories. “The operation is an upsert: it creates files that do not yet exist and silently overwrites files that do,” the security firm added, stating commits impersonate Anthropic’s Claude Code.
Separately, the malware modifies local npm packages to propagate via a postinstall hook. If a developer publishes a tampered package, the malware spreads further through the npm registry and onto downstream systems.
Project maintainers have acknowledged the issue and are investigating, with initial signs pointing to a compromised GitHub account. In a separate advisory, Lightning confirmed the affected versions contain credential harvesting functionality.
Meanwhile, the intercom-client npm package version 7.0.4 was also compromised as part of the same campaign. Socket said the technical overlap links this activity to the threat group TeamPCP.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
