ARTFEED — Contemporary Art Intelligence

Shai-Hulud Malware Compromises PyTorch Lightning AI Library

other · 2026-04-30

The 'lightning' package on PyPI, a popular framework for deep learning, was affected by a supply chain attack that compromised versions 2.6.2 and 2.6.3, released on April 30, 2026. These malicious updates include a concealed _runtime directory containing obfuscated JavaScript that activates upon module import, enabling the theft of credentials, authentication tokens, environment variables, and cloud secrets while also attempting to corrupt GitHub repositories. This incident is linked to the same threat actor responsible for the mini Shai-Hulud campaign, which employs Dune-themed naming. The malware exfiltrates data through four methods: HTTPS POST to C2, GitHub commit search dead-drop, attacker-controlled public GitHub repos, and pushes to the victim's repository. It targets credentials from local files, CI/CD pipelines, and cloud services like AWS, Azure, and GCP. Persistence hooks are embedded in Claude Code and VS Code settings, marking a notable case of malware exploiting Claude Code's hook system. Compromise indicators include commit messages starting with EveryBoiWeBuildIsAWormyBoi, GitHub repositories described as 'A Mini Shai-Hulud has Appeared', and specific files like _runtime/start.py, .claude/router_runtime.js, and .vscode/tasks.json.

Key facts

  • PyPI package 'lightning' compromised in supply chain attack affecting versions 2.6.2 and 2.6.3
  • Malicious versions published on April 30, 2026
  • Hidden _runtime directory with obfuscated JavaScript payload executes on module import
  • Steals credentials, tokens, environment variables, and cloud secrets
  • Attempts to poison GitHub repositories
  • Attributed to same threat actor behind mini Shai-Hulud campaign
  • Exfiltrates data via four parallel channels: HTTPS POST, GitHub commit search, attacker-controlled repos, victim's own repo
  • Targets AWS, Azure, and GCP credentials
  • Persistence hooks in Claude Code and VS Code settings
  • Indicators include commit messages prefixed with EveryBoiWeBuildIsAWormyBoi and repos with description 'A Mini Shai-Hulud has Appeared'
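A defender-side check for the indicators listed above, added here as an example (it is not code from the article or from any vendor). The function names and the "high"/"review" severity labels are this example's own; the version match assumes the standard `<name>-<version>.dist-info` directory that an installed wheel leaves behind.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article; severity labels are this example's own.
BAD_VERSIONS = {"2.6.2", "2.6.3"}
COMMIT_PREFIX = "EveryBoiWeBuildIsAWormyBoi"
PATH_IOCS = {
    ("_runtime", "start.py"): "high",
    (".claude", "router_runtime.js"): "high",
    (".vscode", "tasks.json"): "review",  # common legitimate file: inspect contents
}

def scan_tree(root):
    """Return sorted (severity, indicator, relative path) tuples found under root."""
    root, hits = Path(root), set()
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        for d in dirnames:
            # Installed wheels leave a '<name>-<version>.dist-info' directory.
            if d.startswith("lightning-") and d.endswith(".dist-info"):
                version = d[len("lightning-"):-len(".dist-info")]
                if version in BAD_VERSIONS:
                    hits.add(("high", "lightning " + version, (here / d).relative_to(root).as_posix()))
        for f in filenames:
            severity = PATH_IOCS.get((here.name, f))
            if severity:
                hits.add((severity, f"{here.name}/{f}", (here / f).relative_to(root).as_posix()))
    return sorted(hits)

def flag_commits(subjects):
    """Return commit subject lines (e.g. from `git log --format=%s`) with the worm's prefix."""
    return [s for s in subjects if s.startswith(COMMIT_PREFIX)]

def demo():
    """Build a constructed directory tree and scan it; no real package is installed."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("venv/site-packages/lightning-2.6.3.dist-info/METADATA", "repo/src/start.py",
                    "venv/site-packages/lightning/_runtime/start.py", "repo/.vscode/tasks.json",
                    "venv/site-packages/lightning-2.6.1.dist-info/METADATA", "repo/.claude/router_runtime.js"):
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("constructed sample\n")
        return scan_tree(tmp)

if __name__ == "__main__":
    for hit in demo():
        print(*hit, sep="\t")
```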

Entities

Institutions

  • PyPI
  • Semgrep
  • GitHub
  • AWS
  • Azure
  • GCP
  • Claude Code
  • VS Code
