Quick Facts
- Category: Cybersecurity
- Published: 2026-05-01 03:45:08
Introduction
Software supply chain attacks have become a favored tactic among threat actors because they exploit trust in widely used packages. In late April 2026, two popular Python libraries (PyTorch Lightning and Intercom-client) were compromised in such an attack, with malicious versions (2.6.2 and 2.6.3 for Lightning) published to PyPI to steal credentials. Security firms including Aikido Security, OX Security, Socket, and StepSecurity identified the campaign. This guide walks you through the steps the attackers likely followed, so you can understand the anatomy of this credential theft operation and learn how to defend against similar threats.

What You Need
- Basic understanding of Python packages and PyPI (Python Package Index)
- Familiarity with dependency managers like pip or Poetry
- Knowledge of environment variables and cloud credentials (e.g., AWS keys)
- Optional: access to a Software Composition Analysis (SCA) tool or a security scanner to simulate detection
Steps of the Attack
Step 1: Compromise the Package Maintainer’s Credentials or Build Pipeline
The attack began when threat actors gained unauthorized access to the maintainer accounts of both PyTorch Lightning and Intercom-client on PyPI. This could have been achieved through phishing, credential stuffing, or exploiting a vulnerability in the maintainer’s email or version control system. Once inside, the attackers had full publishing privileges.
Step 2: Inject Malicious Code into the Package Source
With access, the threat actors modified the package source code. For PyTorch Lightning, they inserted a credential-stealing payload into the normally benign library. The code was designed to target environment variables (e.g., AWS_ACCESS_KEY_ID, DATABASE_URL) and cloud configuration files. The injection was carefully obfuscated to evade casual inspection.
Step 3: Build and Sign Malicious Versions
The attackers compiled the tampered code into new package versions. For Lightning, they created versions 2.6.2 and 2.6.3, both published on April 30, 2026. They likely used the same version numbering scheme to appear as a routine update, complete with forged digital signatures that mimicked legitimate releases.
Step 4: Publish to PyPI and Trigger Widespread Distribution
The malicious versions were uploaded to PyPI under the original package name. Due to the trusted reputation of PyTorch Lightning and Intercom-client, many automated dependency resolution tools (e.g., pip install with loose version constraints) immediately pulled the infected packages into development and production environments.
Step 5: Execute Credential Theft on Victim Machines
Once installed, the malicious code ran during import or installation. It scanned the host for sensitive environment variables, cloud provider credentials, API tokens, and configuration files (like .aws/credentials). The payload then encrypted and encoded the stolen data to avoid detection by simple network monitoring.

Step 6: Exfiltrate Stolen Credentials to an Attacker-Controlled Server
The final step involved sending the harvested credentials to a remote command-and-control (C2) server, often via HTTPS requests that mimicked legitimate traffic. The attackers could then use these credentials for lateral movement, data breaches, or financial fraud. Security researchers later detected the exfiltration domains through anomalies in network logs and open-source intelligence.
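
Step 4 depends on loose version constraints. As an added example (not code from the incident or from any of the vendors named above), the check below reports which of the versions named in the introduction a given requirement specifier would accept. It covers only a numeric subset of PEP 440 (no wildcards, pre-releases or post-releases), and treating the requirement as one for Lightning under the distribution name "lightning" is an assumption.

```python
import re

# Versions the article names as malicious for Lightning.
COMPROMISED = ("2.6.2", "2.6.3")

_CLAUSE = re.compile(r"^(~=|==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")
_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")

def _key(version, width=6):
    """Release segments as ints, zero-padded so 2.6 compares equal to 2.6.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def _clause_admits(op, bound, candidate):
    c, b = _key(candidate), _key(bound)
    if op == "~=":
        # Compatible release: >= bound and equal on all but the last segment.
        n = len(bound.split(".")) - 1
        if n == 0:
            raise ValueError("~= needs at least two version segments")
        return c >= b and c[:n] == b[:n]
    return {"==": c == b, "!=": c != b, ">=": c >= b,
            "<=": c <= b, ">": c > b, "<": c < b}[op]

def admits(specifier, candidate):
    """True if every comma-separated clause accepts the candidate version."""
    for clause in filter(None, (s.strip() for s in specifier.split(","))):
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        if not _clause_admits(m.group(1), m.group(2), candidate):
            return False
    return True  # a bare name with no specifier accepts every version

def exposed(requirement):
    """Compromised versions that this requirement line would accept."""
    req = requirement.strip()
    name = _NAME.match(req).group(0)  # the caller is assumed to pass a Lightning requirement
    return [v for v in COMPROMISED if admits(req[len(name):], v)]

if __name__ == "__main__":
    for line in ("lightning", "lightning>=2.5", "lightning~=2.6.0",
                 "lightning>=2.0,<2.6.2", "lightning==2.6.1"):
        print(f"{line:24} accepts {exposed(line) or 'none of the named versions'}")
```

An exact pin to an earlier release is the only form here that accepts neither version without naming them explicitly.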
Tips to Protect Against Similar Attacks
- Pin dependencies to exact versions and use lockfiles (e.g., requirements.txt with hashes, or poetry.lock) to prevent automatic installation of new malicious versions.
- Monitor for unexpected version updates in frequently used packages, especially when a maintainer publishes several versions in a short period (like two in one day).
- Use supply chain security tools such as Socket, OX Security, or StepSecurity to automatically scan for known malicious packages and behavioral indicators.
- Enable two-factor authentication (2FA) on all package registry accounts to reduce the risk of credential compromise.
- Audit environment variables regularly and limit their exposure in CI/CD pipelines; consider using vault services like HashiCorp Vault.
- Implement code reviews for any dependency update that adds new outbound network calls or file access operations.
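
The first tip can be enforced mechanically. As an added example (not taken from any of the tools named above), the audit below reads a pip requirements file and flags entries that are not pinned with ==, pinned entries that carry no sha256 hash, and pins to the Lightning versions named in the introduction. The distribution name "lightning", the sample file, the other package names and the placeholder digests are constructed assumptions.

```python
import re

# Known-bad releases taken from the article; "lightning" as the PyPI
# distribution name is an assumption.
BLOCKLIST = {"lightning": {"2.6.2", "2.6.3"}}

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_HASH = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")
_PIN = re.compile(r"^==\s*([0-9][A-Za-z0-9.!+]*)$")  # rejects wildcards such as ==2.6.*

def logical_lines(text):
    """Join backslash continuations; drop comments, blank lines and option lines."""
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if line and not line.startswith("-"):
            yield line

def audit(text):
    """Return (package, finding) tuples for a requirements file's contents."""
    findings = []
    for line in logical_lines(text):
        # Strip hash options and environment markers before parsing the pin.
        m = _REQ.match(line.split("--hash")[0].split(";")[0].strip())
        if not m:
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # normalised name
        pin = _PIN.match(m.group(2).strip())
        if not pin:
            findings.append((name, "unpinned"))
            continue
        if pin.group(1) in BLOCKLIST.get(name, ()):
            findings.append((name, "blocked:" + pin.group(1)))
        if not _HASH.search(line):
            findings.append((name, "no-hash"))
    return findings

_FAKE = "0" * 64  # placeholder digest, constructed
SAMPLE = f"""\
# constructed sample requirements file
lightning==2.6.3 \\
    --hash=sha256:{_FAKE}
intercom-client>=1.0
examplepkg==1.4.0
otherpkg==0.9.1 --hash=sha256:{_FAKE}
"""

if __name__ == "__main__":
    for package, finding in audit(SAMPLE):
        print(f"{package}: {finding}")
```

Once every entry carries a hash, installing with pip's --require-hashes option makes pip reject any requirement that lacks one.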
Conclusion
The PyTorch Lightning and Intercom-client incidents highlight how quickly trust can be weaponized in a supply chain attack. By understanding the step-by-step process—from account compromise to credential exfiltration—you can better secure your own software environments. Always treat every dependency as a potential threat vector and combine automated security tools with diligent manual oversight.