TTPwire Vol. 1 · MITRE ATT&CK-Tagged


Bleeping Computer

Backdoored PyTorch Lightning package drops credential stealer

Bill Toulas · 2 days ago

ATT&CK techniques detected

7 predictions

T1195.001 Compromise Software Dependencies and Development Tools · 94%
“Backdoored PyTorch Lightning package drops credential stealer. A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disc…”

T1195.002 Compromise Software Supply Chain · 79%
“Backdoored PyTorch Lightning package drops credential stealer. A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disc…”

T1195.001 Compromise Software Dependencies and Development Tools · 63%
“…detected and prevented the malicious routine on customer environments, and notified the package maintainer. The payload, which Defender detects as “Shaiworm,” is an information-stealing malware that targets .env files, API keys, secrets, GitHub tokens, and data stored in Chro…”

T1204.002 Malicious File · 58%
“…detected and prevented the malicious routine on customer environments, and notified the package maintainer. The payload, which Defender detects as “Shaiworm,” is an information-stealing malware that targets .env files, API keys, secrets, GitHub tokens, and data stored in Chro…”

T1195.001 Compromise Software Dependencies and Development Tools · 56%
“…environments.” Lightning AI warns that users who ran ‘import lightning’ with version 2.6.3 may have had their secrets, keys, and tokens compromised. In this case, an immediate rotation of all secrets is strongly recommended. Currently, PyTorch Lightning has been reverted to …”

T1587 Develop Capabilities · 52%
“Backdoored PyTorch Lightning package drops credential stealer. A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disc…”

T1195.002 Compromise Software Supply Chain · 46%
“…detected and prevented the malicious routine on customer environments, and notified the package maintainer. The payload, which Defender detects as “Shaiworm,” is an information-stealing malware that targets .env files, API keys, secrets, GitHub tokens, and data stored in Chro…”

Summary

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. [...]