2026-05-04 BleepingComputer

Malicious PyTorch Lightning Package Steals AWS and Browser Credentials

Malware | Supply Chain | Cloud Security

On March 15, 2024, the Python Package Index (PyPI) removed a trojanized version of the popular deep‑learning wrapper "pytorch-lightning" after security analysts at Cisco Talos identified it delivering a credential‑stealing payload. The rogue package, uploaded as version 2.1.1, was live for roughly 14 hours before being taken down, and it had already been installed by several thousand developers, according to download statistics captured by the community.

The malicious code resides in the package’s setup.py script. Upon installation it decodes a base64‑encoded Python payload that runs a small binary named "collect.py". The script first enumerates the target system’s browser databases—Chrome’s "Login Data" SQLite file, Firefox’s "logins.json", and Edge’s WebData—extracting stored usernames and passwords. It then scans home directories for .env files, SSH private keys in ~/.ssh/, and AWS configuration files (~/.aws/credentials and config). Harvested data is compressed, encrypted with a random AES‑256 key, and exfiltrated via an HTTPS POST request to the command‑and‑control (C2) domain "c2-credential[.]xyz".

The credential theft can give attackers a foothold into cloud environments, as many developers reuse the same API keys for multiple services. In at least one observed case, the stolen AWS keys were used within minutes to launch opportunistic EC2 instances for crypto‑mining, highlighting the rapid monetisation of such supply‑chain attacks. The incident underscores the risk of trusting third‑party packages without verification, especially when those packages have privileged access to local file systems and environment variables.

Organisations should audit their Python environments immediately, removing the offending package with "pip uninstall pytorch-lightning -y" and reinstalling a known‑good version. All credentials that may have been exposed—browser passwords, SSH keys, cloud API tokens—should be rotated as a precaution. To mitigate future risks, teams can adopt pip-audit, lockfiles with SHA‑256 hashes, and continuous‑integration pipelines that verify package integrity before deployment. Monitoring outbound traffic for the C2 domain and employing endpoint detection solutions that flag unusual file‑system access can also help detect similar intrusions early.
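
The environment audit described above can be scripted. The following is an added example, not code from BleepingComputer or Cisco Talos: it reads the install metadata in each site-packages directory and reports any copy of the package and version named in this article. The function names are this example's own; only the package name and version come from the article.

```python
import re
import sys
from email.parser import Parser
from pathlib import Path

# Values taken from the article: the package name and the rogue release.
BAD_NAME = "pytorch-lightning"
BAD_VERSIONS = {"2.1.1"}


def normalize(name):
    """PEP 503 name normalisation, so pytorch_lightning and PyTorch.Lightning match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_distributions(site_packages):
    """Yield (name, version, metadata_path) for every distribution in one tree."""
    # Wheels leave *.dist-info/METADATA; legacy setup.py installs leave *.egg-info/PKG-INFO.
    for pattern in ("*.dist-info/METADATA", "*.egg-info/PKG-INFO"):
        for meta in Path(site_packages).glob(pattern):
            try:
                text = meta.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable entry: skip rather than abort the audit
            headers = Parser().parsestr(text, headersonly=True)
            if headers["Name"] and headers["Version"]:
                yield normalize(headers["Name"]), headers["Version"].strip(), meta


def find_affected(roots):
    """Return sorted metadata paths of installs matching the flagged name and version."""
    hits = set()  # a set, because the same directory can appear twice on sys.path
    for root in roots:
        for name, version, meta in installed_distributions(root):
            if name == BAD_NAME and version in BAD_VERSIONS:
                hits.add(str(meta))
    return sorted(hits)


if __name__ == "__main__":
    # Pass site-packages directories as arguments; defaults to this interpreter's sys.path.
    roots = sys.argv[1:] or [p for p in sys.path if p and Path(p).is_dir()]
    affected = find_affected(roots)
    for path in affected:
        print("AFFECTED:", path)
    sys.exit(1 if affected else 0)
```

The script exits with status 1 when a match is found, so it can gate a CI job or be run across a fleet of virtual environments. A match means the credentials reachable from that machine should be treated as exposed and rotated.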

Source: BleepingComputer
