Supply Chain Attacks Target PyTorch Lightning and Intercom-client: Credential Theft Campaign Unveiled
By
<h2 id="introduction">Introduction</h2><p>In a disturbing escalation of software supply chain threats, attackers have successfully compromised two widely-used Python packages—<strong>PyTorch Lightning</strong> and <strong>Intercom-client</strong>—to distribute malicious versions that steal credentials. According to security firms <em>Aikido Security</em>, <em>OX Security</em>, <em>Socket</em>, and <em>StepSecurity</em>, the campaigns were executed with precision, targeting developers and organizations relying on these tools. This article breaks down the incidents, the techniques used, and how to stay protected.</p><figure style="margin:20px 0"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7hiQfVCFzoPBzfr5xqJ06qMjzv-zw_qiUcDTgyEM8RbEVk3PDztg9U5Vlkgvz6j7nX8ODtXwnTCC2wB78lupEmRjcxJTz74GJGSslsMQM-e5b8vG0W2gLFnbEzYAPKw05ZelkaNfy50VyLJeb-3EhwiGKfIP9qHNRpNG4MnFUnTBBOJ95vRJb-RbcFVxX/s1600/python.png" alt="Supply Chain Attacks Target PyTorch Lightning and Intercom-client: Credential Theft Campaign Unveiled" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: feeds.feedburner.com</figcaption></figure><h2 id="pytorch-lightning-attack">The Attack on PyTorch Lightning</h2><p>PyTorch Lightning, a popular deep learning framework wrapper, was hit by a credential-stealing campaign. The attackers managed to publish two malicious versions—<strong>2.6.2</strong> and <strong>2.6.3</strong>—on <strong>April 30, 2026</strong>. These versions were designed to appear legitimate but contained hidden code that extracted sensitive data such as API keys and environment variables from infected systems.</p><h3 id="how-the-pytorch-lightning-compromise-worked">How the PyTorch Lightning Compromise Worked</h3><p>The malicious versions were uploaded to the official Python Package Index (PyPI) under the same package name. Users who installed either version via <code>pip install pytorch-lightning</code> between the release date and the takedown were at risk. The payload, embedded in the package's setup script, executed during installation, collecting credentials and exfiltrating them to a remote server. The attack leveraged the trust developers place in popular open-source packages, making it a classic supply chain infiltration.</p><h2 id="intercom-client-compromise">The Intercom-client Compromise</h2><p>Concurrently, the <strong>Intercom-client</strong> package—used to integrate Intercom's customer messaging API—was also targeted. While fewer details are publicly available, security researchers confirmed that the package was compromised in a similar fashion. Attackers injected credential-stealing logic into a legitimate version, aiming to harvest login credentials, API tokens, and other secrets from development environments.</p><h3 id="similarities-and-differences">Similarities and Differences</h3><p>Both attacks share the same objective: <strong>credential theft</strong>. However, the PyTorch Lightning campaign involved two consecutive malicious version releases, whereas the Intercom-client attack appears to have been a single poisoned update. The attackers likely chose these packages due to their high download counts and integration in sensitive workflows.</p><h2 id="techniques-used">Techniques Used in the Campaign</h2><p>Security analysts from <em>OX Security</em> and <em>StepSecurity</em> identified several common techniques:</p><ul><li><strong>Typosquatting and domain spoofing</strong> – Attackers registered similar-looking package names to trick users.</li><li><strong>Code obfuscation</strong> – The malicious payload was hidden using base64 encoding and string manipulation.</li><li><strong>Environment variable scraping</strong> – The script scanned <code>os.environ</code> for keys like <code>API_KEY</code>, <code>SECRET_TOKEN</code>, and <code>PASSWORD</code>.</li><li><strong>Dependency confusion</strong> – Exploiting internal package management misconfigurations to pull malicious versions.</li></ul><p>These methods are increasingly common in modern supply chain attacks, as highlighted by <em>Socket</em> and <em>Aikido Security</em> in their respective reports.</p><figure style="margin:20px 0"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqUz0-ifa8jE9rCzud3wzxmhcuzTp1VOWFEvGMoZXDYfaB_4459fPyvyQw7wvAnzjzDL09PkyJM83QGheO69fC3esg1WA7WnJ89i_t_q3K8DxYmgV__QujU8RWRnCK4MpbKqu8nwuMFfLaiRVHy_ov7IZ16hoKI3rIu-5BcISmqXPjlQU7N0sa4lWI-n-/s728-e100/wiz-d.png" alt="Supply Chain Attacks Target PyTorch Lightning and Intercom-client: Credential Theft Campaign Unveiled" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: feeds.feedburner.com</figcaption></figure><h2 id="impact-and-mitigation">Impact and Mitigation</h2><h3 id="who-is-affected">Who Is Affected</h3><p>Any developer or organization that installed <strong>PyTorch Lightning v2.6.2 or v2.6.3</strong> or a compromised version of <strong>Intercom-client</strong> between late April and early May 2026 is potentially affected. The stolen credentials could lead to unauthorized access to cloud services, databases, and source code repositories.</p><h3 id="steps-to-mitigate">Steps to Mitigate</h3><ol><li><strong>Immediately rotate all credentials</strong> – API keys, database passwords, and any secrets stored in environment variables should be regenerated.</li><li><strong>Audit your dependencies</strong> – Check your <code>requirements.txt</code> or <code>Pipfile</code> for the affected versions and remove them.</li><li><strong>Use package verification tools</strong> – Employ software composition analysis (SCA) tools like those from <em>Socket</em> or <em>OX Security</em> to detect malicious packages.</li><li><strong>Enable two-factor authentication</strong> – On all critical accounts and services to add an extra layer of security.</li><li><strong>Monitor for suspicious activity</strong> – Review logs for unusual API calls or login attempts.</li></ol><h2 id="conclusion">Conclusion</h2><p>Supply chain attacks continue to evolve, with threat actors leveraging trusted packages like PyTorch Lightning and Intercom-client to steal credentials. The security community, including <em>Aikido Security</em>, <em>OX Security</em>, <em>Socket</em>, and <em>StepSecurity</em>, has responded swiftly to identify these threats. Developers must remain vigilant, adopt rigorous dependency management practices, and regularly update their security posture. For more details on protecting your software supply chain, refer to our <a href="#mitigation">mitigation steps</a> above.</p>
Tags: