EntrarThe post New Quasar Linux (QLNX) RAT Hijacks Cloud Keys and NPM Tokens appeared first on Daily CyberSecurity.
Visualização de leitura
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security.
A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version 2.6.3 to the Python Package Index (PyPI), where it spread among developers before maintainers removed it at the end of April.
PyTorch Lightning is an open-source framework built on top of PyTorch that simplifies how developers train and deploy deep learning models.
Given the library’s popularity in AI development, the incident raised serious concerns about the security of software supply chains.
The compromised package executed hidden code as soon as developers imported it. It launched a background process, downloaded a JavaScript runtime (Bun), and ran a large, heavily obfuscated payload. Microsoft identified the malware as ShaiWorm, a credential stealer designed to extract sensitive information from infected systems.
“lightning==2.6.3 (published on PyPI as py3-none-any wheel) contains a hidden execution chain that silently downloads a JavaScript runtime (Bun) and executes an 11.4 MB heavily obfuscated JavaScript payload upon import lightning. This payload contains credential-stealing functionality targeting cloud providers, browsers, and environment files.” reads the advisory.
Microsoft Defender detected and protected customers against a new software supply chain compromise affecting the "pytorch-lightning" package and immediately reported the issue to the repository maintainers for takedown: https://t.co/yDdIftxQRE.
— Microsoft Threat Intelligence (@MsftSecIntel) May 2, 2026
At the time the compromised…
The malware targeted a wide range of data. It searched for .env files, API keys, GitHub tokens, and credentials stored in browsers like Chrome, Firefox, and Brave. It also collected access keys for major cloud platforms, including AWS, Azure, and Google Cloud. Beyond data theft, the malware allowed attackers to execute arbitrary commands on the system, effectively giving them full control over compromised environments.
Lightning AI quickly warned users about the risk. The company advised anyone who used version 2.6.3 to rotate all credentials and secrets immediately. It removed the malicious release and replaced it with a safe version. At the same time, Microsoft Defender detected and blocked the threat on affected endpoints, limiting its spread to a relatively small number of systems.
It is still unclear how attackers managed to insert the backdoor. Lightning AI continues to examine whether a compromised developer account, build system, or third-party dependency enabled the attack. The company also audits other recent releases to ensure no additional malicious code remains.
“Observed activity remains limited to a small number of devices and appear contained to a narrow set of environments.” states Microsoft. “We are also investigating container-based telemetry and registry-related signals that may indicate potential compromise in some scenarios.”
This incident shows how attackers increasingly target trusted components in the AI and Python ecosystems. Widely used libraries offer an efficient entry point, allowing attackers to reach many developers at once. It highlights the need for stronger safeguards, including dependency verification, runtime monitoring, and stricter controls around software distribution and updates.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, PyTorch Lightning)
Xinference PyPI Supply Chain Poisoning Warning
Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the PyPI release permission credentials of Xinference maintainers and released three consecutive malicious versions implanted with Trojans on April 22, GMT+8. When triggered by the user, it will collect cloud credentials, SSH keys, API tokens, Sensitive […]
The post Xinference PyPI Supply Chain Poisoning Warning appeared first on NSFOCUS.
The post Xinference PyPI Supply Chain Poisoning Warning appeared first on Security Boulevard.
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group.
ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected packages, continuing the group’s efforts to target the software supply chain.
“The ReversingLabs research team has identified a new branch of a fake recruiter campaign conducted by the North Korean hacking team Lazarus Group.” reads the report published by ReversingLabs. “The campaign, which the team named graphalgo, based on the first package included in this campaign in the npm repository, has been active since the beginning of May 2025.”
The campaign, tracked as ‘graphalgo’, has been active since May 2025 and targets JavaScript and Python developers with fake cryptocurrency recruiter tasks. Attackers approach victims on LinkedIn, Facebook, and Reddit, posing as a blockchain company. Malicious code is hidden through multiple public platforms, including GitHub, npm, and PyPI. The researchers noticed that one npm package, bigmathutils, gained over 10,000 downloads before attackers pushed a malicious update.
The Graphalgo campaign is a modular, multi-stage operation designed to stay active even if parts are exposed:
Phase 1 – Fake company:
Attackers created a fake blockchain firm, Veltrix Capital, with websites and GitHub organizations that look legitimate but lack real leadership details. When one setup risks exposure, they spin up a new company, domains, and AI-generated content to rebuild trust.
Phase 2 – Interview tasks:
The fake company publishes GitHub “job interview” repositories in Python and JavaScript. These projects look harmless, but they secretly depend on malicious npm or PyPI packages. When candidates run the tasks, the malicious dependency executes on their systems.
Phase 3 – Recruiting:
Victims are lured through Reddit, Facebook groups, LinkedIn, and direct recruiter messages. Some recruiters appear real, adding credibility, but disengage when questioned about the company.
Phase 4 – Malicious dependencies:
The backend relies on malicious open-source packages hosted on npm and PyPI. Early “graph-” packages impersonate popular libraries, while later “big-” packages build user trust first, then deliver malware in delayed updates.
Phase 5 – Final payload:
Infected systems download a RAT that supports file access, command execution, and process control. The malware uses token-protected C2 communication and checks for crypto wallets like MetaMask, pointing to financial theft motives.
North Korean threat actors, widely linked to the Lazarus Group, have a long track record of abusing npm and PyPI. In 2023, researchers exposed the VMConnect campaign, where fake PyPI packages tied to sham GitHub repos delivered malware. A year later, the operation evolved into fake recruiter coding tests: victims ran malicious packages disguised as interview tasks, triggering second-stage downloads. Reports from other cybersecurity firms, including Phylum, Unit 42, Veracode, and Socket, documented similar npm campaigns.
Attribution to Lazarus is based on repeated patterns: fake job interviews, crypto-focused lures, multistage encrypted malware, delayed malicious updates, token-protected C2, and GMT+9 timestamps. The campaign’s modular design allows attackers to swap fake “frontends” while reusing backend infrastructure. With new package waves and payload variants still emerging, the operation appears ongoing and highly sophisticated.
“Evidence suggests that this is a highly sophisticated campaign. Its modularity, long-lived nature, patience in building trust across different campaign elements, and the complexity of the multilayered and encrypted malware point to the work of a state-sponsored threat actor.” concludes the report. “Fake interviews as the initial contact vector, as well as a cryptocurrency-focused story and malware, together with other techniques mentioned in this blog post, point to North Korea’s Lazarus Group. “
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – malware, graphalgo campaign)
