Supply Chain Attacks Compromise PyTorch Lightning and Intercom-client: Credential Theft Campaign Revealed

Overview of the Supply Chain Breaches

In a coordinated series of supply chain attacks, threat actors have infiltrated two widely used Python packages—PyTorch Lightning and Intercom-client—to deploy malicious versions designed for credential theft. Security researchers from multiple firms, including Aikido Security, OX Security, Socket, and StepSecurity, uncovered the campaign, which targeted developers and organizations relying on these packages.

The attacks leverage the trust inherent in open-source ecosystems, where compromised packages can propagate malware to downstream users. Below, we detail the specific incidents and their implications.

PyTorch Lightning Compromise

Malicious Versions and Release Timeline

The PyTorch Lightning package, a popular deep learning framework, was hit with two malicious releases: versions 2.6.2 and 2.6.3. Both were published on April 30, 2026, according to security vendors such as Aikido Security, OX Security, Socket, and StepSecurity. The threat actors behind the attack aimed to harvest credentials from systems where the package was installed.

Mechanism of Attack

Analysis suggests that the malicious code injected into these versions exfiltrated sensitive credentials, including API keys, database passwords, and environment variables. The attackers likely used typo-squatting or compromised maintainer accounts to push the updates, though the exact entry vector remains under investigation.

Developers who upgraded to versions 2.6.2 or 2.6.3 are urged to immediately rotate all credentials exposed in their workflows. The malicious packages have since been removed from PyPI, but users should verify they are running a clean version (e.g., 2.6.1 or earlier, or a newer patched release).

Intercom-client Package Attack

Parallel Credential Harvesting Campaign

In a similar incident, the Intercom-client package—a Python SDK for the Intercom customer messaging platform—was also targeted. Threat actors published altered versions of this package on PyPI with the same objective: stealing credentials from unsuspecting users. The exact malicious versions have not been fully disclosed, but security alerts indicate they were active around the same timeframe as the PyTorch Lightning attacks.

Given the overlap in timing and methodology, researchers assess these are part of a broader, coordinated campaign rather than isolated incidents. The attackers appear to focus on high-traffic packages to maximize their reach.

Impact and Risk Assessment

Both packages are widely used in production environments, especially in AI/ML pipelines (PyTorch Lightning) and customer communication systems (Intercom-client). A successful compromise can lead to:

• Credential exposure with potential lateral movement into cloud infrastructure.
• Data breaches of sensitive customer or internal data.
• Supply chain contamination affecting downstream projects that depend on these packages.

Security teams should treat any system that installed the malicious versions as potentially compromised.

Mitigation and Prevention Strategies

Immediate Actions

1. Audit dependencies: Check for usage of PyTorch Lightning versions 2.6.2/2.6.3 and any Intercom-client versions flagged as malicious. Use tools like pip list or SBOM scanners.
2. Rotate credentials: Replace all API keys, tokens, and passwords that may have been accessed from affected environments.
3. Update to safe versions: Upgrade to the latest patched releases (if available) or downgrade to known clean versions.

Long-term Best Practices

• Implement dependency pinning with hash checks (e.g., using pip hash or lock files).
• Monitor for suspicious package updates via alerts from PyPI or third-party security platforms like Socket or Snyk.
• Use role-based access controls to limit credential exposure in CI/CD pipelines.

Conclusion

The PyTorch Lightning and Intercom-client attacks underscore the growing threat of software supply chain compromises. By injecting malicious code into trusted packages, adversaries can steal credentials at scale. Organizations must adopt proactive security measures and maintain visibility into their open-source dependencies. As the investigation continues, further details may emerge linking these incidents to known threat actors.