TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Snyk Blog

lightning PyPI Compromise: A Bun-Based Credential Stealer in Python

2026-04-30

ATT&CK techniques detected

16 predictions
T1195.001 Compromise Software Dependencies and Development Tools
98%
"and publishing them to registry.npmjs.org without invoking the npm CLI. If a developer machine had npm credentials in scope and imported lightning, treat the npm token as exposed and audit recent publishes from accounts associated with that machine. Search GitHub for dead-drop…"
T1195.001 Compromise Software Dependencies and Development Tools
97%
"json, .claude/setup.mjs, .vscode/tasks.json, .vscode/setup.mjs, and .github/workflows/format-check.yml. npm tarball worm code paths that mutate local package tarballs on a developer machine, inject setup.mjs, bump the patch version, and publish via direct PUT to re…"
T1195.001 Compromise Software Dependencies and Development Tools
97%
"…i, and Checkmarx KICS payloads, indicating shared tooling rather than independent reimplementation. This is consistent with the broader Shai-Hulud lineage. The original Shai-Hulud worm in September 2025, the Sha1-Hulud follow-on wave in November 2025 that hit 600+ pack…"
T1195.001 Compromise Software Dependencies and Development Tools
94%
". Issues are auto-closed by the attacker." pvdz is Peter van der Zee, an engineer at Socket and the credit on the Snyk advisory; he filed three of the four disclosure issues directly. Issue #21691 was closed three separate times, then reopened three times by maintainer Ethan…"
T1195.001 Compromise Software Dependencies and Development Tools
88%
"CVE has been assigned. The affected releases are flagged by snyk test and listed in the Snyk security database. This is the second consecutive day a Bun-based stealer with an ~11 MB obfuscated payload has been published into a tier 1 ecosystem. Yesterday's Mini Shai-Hulud…"
T1195.001 Compromise Software Dependencies and Development Tools
87%
"Lightning PyPI Compromise: A Bun-Based Credential Stealer in Python. April 30, 2026. On April 30, 2026, two malicious releases of the popular lightning PyPI package were published, affecting the de…"
T1195.001 Compromise Software Dependencies and Development Tools
86%
"AWS, GCP, Azure), and any secrets present in environment variables on the affected host. Rotate from a separate, trusted machine. Audit GitHub for unauthorized commits. The payload commits to victim repositories using the spoofed identity claude <claude@users.noreply.github…"
T1195.001 Compromise Software Dependencies and Development Tools
84%
"stealer. Wrapping a JavaScript payload in a Python loader keeps the JS-ecosystem tooling intact while expanding registry reach. The cadence of the last 48 hours is consistent with that read: yesterday npm, today PyPI, with the same payload shape and a comparable detection wind…"
T1195.001 Compromise Software Dependencies and Development Tools
69%
"…ing is being reused on a faster cadence than registry takedown can keep up with. The malicious lightning versions were detected by automated scanning within roughly 18 minutes of publication, while the package remained installable and the disclosure thread on GitHub had been cl…"
T1195.001 Compromise Software Dependencies and Development Tools
65%
"-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g). It also probes cloud metadata services at http://169.254.169.254 (AWS IMDS), http://169.254.170.2 (AWS ECS), https://oauth2.googleapis.com/tokeninfo, and validates harvested tokens against https://…"
T1195.001 Compromise Software Dependencies and Development Tools
52%
"real, opportunistic, or a deliberate false flag is still open. Why "Bun in Python" matters: the most informative forensic detail is the runtime choice. The payload that runs after import lightning is JavaScript, executed under Bun, on a Python developer's machine. A Python-t…"
T1587 Develop Capabilities
47%
"…i, and Checkmarx KICS payloads, indicating shared tooling rather than independent reimplementation. This is consistent with the broader Shai-Hulud lineage. The original Shai-Hulud worm in September 2025, the Sha1-Hulud follow-on wave in November 2025 that hit 600+ pack…"
T1567.001 Exfiltration to Code Repository
43%
"and publishing them to registry.npmjs.org without invoking the npm CLI. If a developer machine had npm credentials in scope and imported lightning, treat the npm token as exposed and audit recent publishes from accounts associated with that machine. Search GitHub for dead-drop…"
T1587 Develop Capabilities
40%
"json, .claude/setup.mjs, .vscode/tasks.json, .vscode/setup.mjs, and .github/workflows/format-check.yml. npm tarball worm code paths that mutate local package tarballs on a developer machine, inject setup.mjs, bump the patch version, and publish via direct PUT to re…"
T1587 Develop Capabilities
37%
"and publishing them to registry.npmjs.org without invoking the npm CLI. If a developer machine had npm credentials in scope and imported lightning, treat the npm token as exposed and audit recent publishes from accounts associated with that machine. Search GitHub for dead-drop…"
T1195.001 Compromise Software Dependencies and Development Tools
33%
": the GitHub issue thread also contained an onion link to a Team PCP-branded site, which posts a PGP-signed message claiming connections to Lapsus$ and earlier extortion activity. The PGP signature has not been independently verified, and the underlying claims are unconfirme…"

Summary

A malicious release of the lightning PyPI package ships a credential-stealing Bun payload that runs on import. Snyk has a live advisory. Here's what's in the package, what to rotate, and how the payload pattern connects to the Mini Shai-Hulud npm campaign one day earlier.