PyTorch Lightning and Intercom-Client Hit in Supply Chain Attacks to Steal Credentials


The Hacker News
Apr 30, 2026

Why It Matters

Supply‑chain compromises of popular developer libraries give attackers a low‑friction path to hijack CI/CD pipelines and exfiltrate high‑value credentials, threatening the security of countless downstream projects. The incident underscores the urgent need for stricter publishing controls and rapid credential rotation in software ecosystems.

Key Takeaways

  • Malicious PyTorch Lightning versions 2.6.2 and 2.6.3 were published to PyPI on April 30, 2026
  • The payload downloads the Bun runtime and runs an obfuscated JavaScript credential stealer
  • Stolen GitHub tokens are used to push worm‑like commits across the victim's repositories
  • intercom‑client 7.0.4 (npm) and intercom‑php 5.0.2 (Packagist) were trojaned via similar install‑time hooks
  • The malicious releases were live on PyPI for 42 minutes before being quarantined; the project's source repository was not breached

Pulse Analysis

The latest supply‑chain compromise spans three widely used package ecosystems: Python's PyPI, JavaScript's npm, and PHP's Packagist. In PyTorch Lightning, a high‑level training framework built on PyTorch, the attackers inserted code that runs automatically when the module is imported. That code downloads the Bun JavaScript runtime and executes an 11 MB obfuscated script that scrapes GitHub tokens, cloud service keys, Kubernetes credentials, and .env files. The harvested data is encrypted and exfiltrated, and the stolen GitHub tokens are then used to push worm‑like commits that silently modify up to 50 branches per repository, with the commits disguised as the work of Anthropic's Claude Code.

The campaign, attributed to the TeamPCP group and dubbed Mini Shai‑Hulud, extends beyond Python by compromising intercom-client on npm and intercom‑php on Packagist. Both packages carry post‑install hooks that launch the same Bun‑based payload, showing a repeatable pattern that the actors can apply across language ecosystems. Because the stealer targets CI/CD credentials, a victim's own publishing pipeline can be hijacked to republish tampered tarballs, so a single compromised dependency becomes a bridge for infecting every package its victims maintain. This cross‑ecosystem strategy multiplies the attack surface far beyond the three packages named so far.

For organizations, the incident highlights three immediate priorities: enforce verification of package signatures and provenance attestations, alert on any new release of a pinned dependency that was not expected, and rotate every credential that a compromised build or developer machine could have reached (GitHub tokens, cloud keys, Kubernetes credentials, anything held in .env files). Developers should audit their dependency trees and lockfiles for Lightning 2.6.2/2.6.3, intercom‑client 7.0.4, and intercom‑php 5.0.2, roll back to the last release published before the compromise and pin it, and disable install‑time script execution where their tooling allows (for example `npm install --ignore-scripts` and `composer install --no-scripts`). Note that the Lightning payload runs on import rather than at install, so for PyPI only pinning and rollback help. Long‑term, adopting reproducible builds and zero‑trust publishing pipelines can reduce the risk of similar supply‑chain attacks in the future.
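The audit described above, carried out as an added example (this is not code from The Hacker News or from the Lightning or Intercom projects): it scans a requirements.txt or `pip freeze` listing, an npm package-lock.json (lockfile versions 1, 2 and 3) and a composer.lock for the versions the article names, and separately reports which install-time lifecycle scripts a package.json or composer.json declares, which is the hook the npm and Packagist packages used. The distribution names are assumptions: the article says "PyTorch Lightning", and on PyPI that project ships as both `pytorch-lightning` and `lightning`, so both are checked; the Packagist name is assumed to be `intercom/intercom-php`. All sample inputs are constructed for the example.

```python
"""Lockfile and manifest audit for the Mini Shai-Hulud packages named in the article."""
import json
import re

# Ecosystem -> package -> malicious versions, as named in the article.
# ASSUMPTION: the `lightning` PyPI distribution is listed alongside
# `pytorch-lightning` because the two are published together; confirm
# against the advisory before acting on a `lightning` hit.
AFFECTED = {
    "pypi": {"pytorch-lightning": {"2.6.2", "2.6.3"}, "lightning": {"2.6.2", "2.6.3"}},
    "npm": {"intercom-client": {"7.0.4"}},
    "packagist": {"intercom/intercom-php": {"5.0.2"}},  # ASSUMPTION: Packagist name
}

# Lifecycle scripts that npm and Composer run during an install.
NPM_INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
COMPOSER_INSTALL_HOOKS = {"pre-install-cmd", "post-install-cmd",
                          "pre-update-cmd", "post-update-cmd", "post-autoload-dump"}

_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;#]*)", re.M)


def _norm(name):
    """PEP 503 name normalisation so pytorch_lightning and pytorch-lightning match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text):
    """Return (name, version) pins in requirements.txt / pip freeze output that are affected."""
    hits = []
    for name, ver in _PIN.findall(text):
        if ver in AFFECTED["pypi"].get(_norm(name), set()):
            hits.append((_norm(name), ver))
    return hits


def audit_package_lock(text):
    """Return affected (name, version) entries from a package-lock.json of any lockfileVersion."""
    lock = json.loads(text)
    hits = []
    if "packages" in lock:  # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            if not path:
                continue  # "" is the root project, not a dependency
            name = path.rsplit("node_modules/", 1)[-1]  # keeps @scope/name intact
            ver = meta.get("version", "")
            if ver in AFFECTED["npm"].get(name, set()):
                hits.append((name, ver))
    else:  # lockfileVersion 1: nested "dependencies" tree
        def walk(deps):
            for name, meta in deps.items():
                ver = meta.get("version", "")
                if ver in AFFECTED["npm"].get(name, set()):
                    hits.append((name, ver))
                walk(meta.get("dependencies", {}))
        walk(lock.get("dependencies", {}))
    return hits


def packages_with_install_scripts(text):
    """Names of dependencies that npm flagged with hasInstallScript in a v2/v3 lock."""
    lock = json.loads(text)
    return sorted(path.rsplit("node_modules/", 1)[-1]
                  for path, meta in lock.get("packages", {}).items()
                  if path and meta.get("hasInstallScript"))


def audit_composer_lock(text):
    """Return affected (name, version) entries from composer.lock (prod and dev sections)."""
    lock = json.loads(text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name, ver = pkg.get("name", ""), pkg.get("version", "").lstrip("v")
            if ver in AFFECTED["packagist"].get(name, set()):
                hits.append((name, ver))
    return hits


def install_hooks(manifest_text, kind):
    """Install-time lifecycle scripts declared in a package.json ('npm') or composer.json ('composer')."""
    scripts = json.loads(manifest_text).get("scripts") or {}
    hooks = NPM_INSTALL_HOOKS if kind == "npm" else COMPOSER_INSTALL_HOOKS
    return {k: v for k, v in scripts.items() if k in hooks}


# Constructed sample inputs (not real lockfiles from any project).
SAMPLE_REQUIREMENTS = "torch==2.5.1\npytorch_lightning==2.6.3   # resolved on Apr 30\nlightning==2.6.1\n"
SAMPLE_PACKAGE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "my-app", "dependencies": {"intercom-client": "^7.0.0"}},
    "node_modules/intercom-client": {"version": "7.0.4", "hasInstallScript": True},
    "node_modules/left-pad": {"version": "1.3.0"}}})
SAMPLE_COMPOSER_LOCK = json.dumps({"packages": [
    {"name": "intercom/intercom-php", "version": "v5.0.2"}], "packages-dev": []})
# Constructed manifest; the real payload's script name is not given in the article.
SAMPLE_PACKAGE_JSON = json.dumps({"name": "intercom-client", "version": "7.0.4",
                                  "scripts": {"postinstall": "node ./setup.js", "test": "jest"}})

if __name__ == "__main__":
    print("pypi:", audit_requirements(SAMPLE_REQUIREMENTS))
    print("npm:", audit_package_lock(SAMPLE_PACKAGE_LOCK), packages_with_install_scripts(SAMPLE_PACKAGE_LOCK))
    print("packagist:", audit_composer_lock(SAMPLE_COMPOSER_LOCK))
    print("hooks:", install_hooks(SAMPLE_PACKAGE_JSON, "npm"))
```

Run it against your own files by reading them into the `audit_*` functions; a non-empty result from any of them means the build that produced that lockfile must be treated as compromised and its credentials rotated, not merely the dependency rolled back. The `hasInstallScript` and `install_hooks` checks are a useful standing control beyond this incident, since every package they flag is one that `--ignore-scripts` would have stopped.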

