Malicious PyTorch Lightning Packages Found on PyPI
The post Malicious PyTorch Lightning Packages Found on PyPI appeared first on 2024 Sonatype Blog.
TL;DR
Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher account’s compromise.
Lightning versions 2.6.2 and 2.6.3 (tracked as sonatype-2026-002817) were published on April 30, 2026, containing embedded malicious code that gathers developer credentials and publishes infected package versions.
If downloaded, these malicious versions have likely already done their damage — if you are unsure, verify that your build processes are using version 2.6.1.
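One way to carry out that check in a build pipeline, as an added example that is not code from the Sonatype post or the Lightning project: the script below classifies every requirement line that names the `lightning` or `pytorch-lightning` distribution, flagging exact pins to 2.6.2 or 2.6.3 and any floating range that a fresh resolve could still satisfy with one of them. The requirements text embedded in it is constructed.

```python
import re

# Added example, not code from the Sonatype post or the Lightning project.
# Versions named in the advisory; anything else exactly pinned is left alone.
AFFECTED_DISTS = {"lightning", "pytorch-lightning"}
BAD_VERSIONS = {"2.6.2", "2.6.3"}

# name, optional extras, optional operator and version; environment markers ignored.
_REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([<>=!~]*)\s*([0-9][^\s;#]*)?"
)

def normalize(name):
    """PEP 503 normalisation: 'PyTorch_Lightning' -> 'pytorch-lightning'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text):
    """Classify each requirement line that names an affected distribution.

    'malicious': exact pin to 2.6.2 or 2.6.3
    'unpinned':  no pin, or a range a fresh resolve could still satisfy with one
    'ok':        exact pin to any other version (e.g. 2.6.1)
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, -r, -e, --index-url ...
            continue
        m = _REQ_RE.match(line)
        if not m or normalize(m.group(1)) not in AFFECTED_DISTS:
            continue
        op, ver = m.group(2), m.group(3)
        if op == "==" and ver in BAD_VERSIONS:
            findings.append((line, "malicious"))
        elif op == "==" and ver:
            findings.append((line, "ok"))
        else:
            findings.append((line, "unpinned"))
    return findings

# Constructed requirements file standing in for a project's real one.
SAMPLE_REQUIREMENTS = """\
torch==2.4.0
lightning==2.6.3          # resolved by a fresh install on Apr 30, 2026
PyTorch_Lightning>=2.6    # floating range picks up whatever is newest
numpy
"""
```

Run it against each requirements or constraints file your CI installs from; an "unpinned" finding means the build could have pulled a compromised release even though the file itself never names one.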
The widely used pytorch-lightning package has been hijacked by malicious actors, resulting in two malicious versions (2.6.2 and 2.6.3) being published to the PyPI registry on April 30, 2026. The packages are designed to steal developer credentials and republish malicious versions of the repositories that the stolen tokens grant access to.
This is yet another escalation in a series of self-propagating open source malware attacks that are designed to steal credentials, spread rapidly, and overwhelm open source repositories.
What Happened
On April 30, 2026, two back-to-back releases of the lightning package were published to PyPI:
lightning 2.6.2
lightning 2.6.3 (published just 13 minutes later)
The project’s maintainers released an advisory detailing the incident. Both versions were uploaded by the same publisher, and researchers believe they are part of a coordinated attack. Despite minimal differences between the releases, both contained the same malicious payload.
Critically, version 2.6.3 was not a fix. It retained the full malicious functionality while slightly modifying metadata and loader behavior to evade detection.
Technical Analysis: How the Attack Works
The attack is triggered automatically when the package is imported:
*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Sonatype Security Research Team. Read the original post at: https://www.sonatype.com/blog/malicious-pytorch-lightning-packages-found-on-pypi
