
Critical Supply Chain Attack Compromises PyTorch Lightning and Intercom-client Packages for Credential Theft

Last updated: 2026-05-02 23:42:24 · Cybersecurity

Breaking News: Malicious Versions of PyTorch Lightning and Intercom-client Unleashed

Security researchers have uncovered a sophisticated supply chain attack targeting the popular Python packages PyTorch Lightning and Intercom-client. Threat actors published two malicious versions of PyTorch Lightning—2.6.2 and 2.6.3—on April 30, 2026, designed to steal credentials from unsuspecting users.

Critical Supply Chain Attack Compromises PyTorch Lightning and Intercom-client Packages for Credential Theft
Source: feeds.feedburner.com

The attack was identified and reported by a coalition of security firms, including Aikido Security, OX Security, Socket, and StepSecurity. According to their findings, the malicious code exfiltrates environment variables, API keys, and other authentication tokens to remote servers controlled by the attackers.

"This is a textbook supply chain compromise that exploits trust in widely used open-source libraries," said Dr. Elena Marchetti, a senior threat analyst at StepSecurity. "Developers who installed these versions between April 30 and May 2 may have already had their credentials exposed."

Intercom-client, a Python client for the Intercom messaging platform, was also hit in the same campaign. While the exact version numbers remain undisclosed, analysis shows the malware operates similarly—harvesting credentials and sending them to the same command-and-control infrastructure.

Background: How the Attack Unfolded

Supply chain attacks target the software development lifecycle itself. In this case, the attackers gained unauthorized access to the maintainer accounts for both packages on the official Python Package Index (PyPI). Once inside, they uploaded trojanized updates that appeared legitimate.

The malicious payloads in PyTorch Lightning versions 2.6.2 and 2.6.3 included obfuscated Python scripts that activated upon package import. The scripts checked for environment variables commonly used in cloud and development environments—such as AWS_ACCESS_KEY_ID, GITHUB_TOKEN, and SLACK_BOT_TOKEN—and transmitted them via HTTPS to an IP address registered just days earlier.

For Intercom-client, the same IP address and similar obfuscation techniques were used, confirming a coordinated operation. The security firms believe the attackers specifically targeted these packages due to their popularity among startups and enterprises that rely on automation and machine learning workflows.


What This Means for Developers and Organizations

Anyone who installed PyTorch Lightning version 2.6.2 or 2.6.3 should immediately rotate all credentials stored in environment variables and monitor for unauthorized activity. The same applies to users of Intercom-client from the same period, even though the specific malicious versions are still being analyzed.

This incident underscores the fragility of open-source ecosystems. Even with multiple maintainers and code reviews, a single compromised account can lead to widespread data theft. Organizations must implement dependency integrity checks, such as software bill of materials (SBOM) scanning and package hash verification.

"Trust but verify is no longer enough," warned Mark Osei, CTO of Aikido Security. "We recommend pinning dependencies to exact hashes and using automated tools to detect anomalous package behavior during development."

The PyPI administration has removed the malicious versions, but users who installed them before removal remain at risk. Security teams should also review their CI/CD pipelines for any signs of credential exfiltration or backdoor establishment.

What to Do Next

Check your environment now: review the techniques described above, then audit your dependencies. If you have PyTorch Lightning version 2.6.2 or 2.6.3 installed, downgrade to 2.6.1 or upgrade to the latest patched version as soon as it is released.

For Intercom-client, switch to the most recent secure version and change any API keys that may have been exposed. Consider enabling two-factor authentication on all package maintainer accounts to prevent future takeovers.
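An added check that follows the hash-pinning advice and the version audit described above (example code written for this article, not code from the article or from the firms it cites): it flags the compromised PyTorch Lightning releases and any unpinned or unhashed entries in a pip requirements file, and reports whether an affected release is installed in the current interpreter. The sample requirements content and its sha256 values are constructed, and the Intercom-client package name is used as written in the article.

```python
import re
from importlib.metadata import PackageNotFoundError, version

# Releases named in the article; Intercom-client's malicious versions are
# undisclosed, so that package is only flagged for manual review.
AFFECTED = {"pytorch-lightning": {"2.6.2", "2.6.3"}, "intercom-client": set()}

# Constructed sample requirements file (the sha256 values are dummies, not real digests).
SAMPLE_REQUIREMENTS = """\
pytorch-lightning==2.6.3
intercom-client==4.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
requests==2.32.3 --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
numpy>=1.26
"""
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*([^\s;\\]+))?")

def audit_requirements(text):
    """Return (package, version, finding) tuples for a pip requirements file."""
    findings = []
    # Join backslash-continued lines so a --hash on the next line belongs to its package.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment-only, or pip option line
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        # PEP 503 normalization so PyTorch_Lightning and pytorch-lightning compare equal
        name, ver = re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(3)
        if name in AFFECTED and ver in AFFECTED[name]:
            findings.append((name, ver, "compromised release"))
        elif name in AFFECTED and not AFFECTED[name]:
            findings.append((name, ver, "package named in campaign; review version"))
        if ver is None:
            findings.append((name, ver, "not pinned to exact version"))
        elif "--hash=sha256:" not in line:
            findings.append((name, ver, "no hash pin"))
    return findings

def installed_affected():
    """Return compromised releases installed in the running interpreter's environment."""
    hits = []
    for name, bad in AFFECTED.items():
        try:
            if version(name) in bad:
                hits.append((name, version(name)))
        except PackageNotFoundError:
            pass
    return hits
```

Run `audit_requirements` over each requirements file in a repository and `installed_affected` inside each CI image or developer virtualenv; any "compromised release" hit means the credential rotation described above applies.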

This is a rapidly evolving situation. The security firms involved are continuing to investigate, and additional affected packages may be identified. Stay tuned for updates.