Security alert: malware activated on import of Lightning 2.6.2 and 2.6.3 steals credentials and replicates through npm and repositories


A new installment of the persistent software-supply-chain problem has just hit the Python ecosystem: versions 2.6.2 and 2.6.3 of the Lightning package, published on April 30, 2026, were released with malicious code designed to steal credentials and spread from development environments to remote repositories. The project has been quarantined on the official package index, but the attack's vector and sophistication call for a rapid, coordinated response from development teams, infrastructure managers and security officers.

Technically, the compromised package hid a directory named _runtime containing a downloader and an obfuscated JavaScript payload. The execution chain is triggered automatically when the module is imported, with no further action by the developer. A Python script named start.py downloads the Bun runtime and runs a large obfuscated payload (router_runtime.js) whose main purpose is mass credential harvesting. Among the harvested credentials, GitHub tokens are validated against the API before being used to inject a worm-like payload into multiple branches of every repository the token can write to, creating or overwriting files and using a hard-coded identity to appear to be another organization. The malware also implements an npm propagation vector that tampers with local packages (adding a postinstall hook to package.json, bumping the patch version and repacking the .tgz), so that a developer who publishes without checking distributes the malware into the npm supply chain.


The implications are serious: an attack that combines automatic execution on import, token theft and mass replication can compromise local environments, CI/CD pipelines and downstream users alike. If a broadly scoped token is stolen, the attacker not only exfiltrates data but can push malicious code directly into many repositories, escalating the damage quickly. The mix of Python and npm vectors also shows how attackers look for footholds across the multi-ecosystem fabric of modern dependencies.

Recommended immediate action: block and remove versions 2.6.2 and 2.6.3 from every affected system and, where needed, downgrade to the last known clean version (2.6.1). Immediately rotate and revoke every token and credential that may have resided on the compromised machines, including personal and service tokens, SSH keys and CI secrets. Review the commit history of repositories reachable with those tokens for unexpected commits and files (false authorship, new files or silent overwrites) and restore from backup or a known-good state if tampering is found. For local detection, look for artifacts such as hidden _runtime directories, start.py scripts, the presence of the Bun runtime and obfuscated payload files (e.g. router_runtime.js), as well as recent changes to package.json that add postinstall hooks; removing the affected packages and reinstalling them from verified sources is essential.
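The local detection step above, written out as a small scanner. This is an added example, not code from the article or from the Lightning project: it walks a tree for the _runtime, start.py, router_runtime.js and Bun artifacts the article names, reads lightning's dist-info METADATA to flag versions 2.6.2 and 2.6.3, and lists npm install-time hooks in any package.json it finds. The sample tree it builds is constructed, with placeholder file contents and a made-up postinstall command; a hit is a lead to inspect, not a verdict, since a legitimate project may also use those names.

```python
import json
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: a `_runtime` directory holding the
# start.py downloader, the obfuscated router_runtime.js payload and a Bun
# binary, plus the two affected release versions.
IOC_DIRNAME = "_runtime"
IOC_FILES = {"start.py", "router_runtime.js"}
IOC_BINARIES = {"bun", "bun.exe"}
BAD_VERSIONS = {"2.6.2", "2.6.3"}
NPM_INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_runtime_artifacts(root):
    """Paths of `_runtime` directories and IoC file names beneath `root`."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == IOC_DIRNAME:
            hits.append(dirpath)
        hits.extend(os.path.join(dirpath, n) for n in filenames
                    if n in IOC_FILES or n in IOC_BINARIES)
    return sorted(hits)


def installed_lightning_versions(site_packages):
    """Map each lightning dist-info dir to its version and whether it is affected."""
    found = {}
    for info in Path(site_packages).glob("lightning-*.dist-info"):
        meta = info / "METADATA"
        if not meta.is_file():
            continue
        for line in meta.read_text(encoding="utf-8", errors="replace").splitlines():
            if line.startswith("Version:"):
                version = line.split(":", 1)[1].strip()
                found[info.name] = {"version": version, "affected": version in BAD_VERSIONS}
                break
    return found


def npm_install_hooks(package_json_path):
    """Lifecycle hooks in package.json that run during `npm install`."""
    with open(package_json_path, encoding="utf-8") as fh:
        scripts = json.load(fh).get("scripts") or {}
    return {hook: scripts[hook] for hook in NPM_INSTALL_HOOKS if hook in scripts}


def scan(root):
    """Combine the three checks into one report for a workstation or CI image."""
    root = Path(root)
    report = {"artifacts": find_runtime_artifacts(root), "lightning": {}, "npm_hooks": {}}
    for sp in root.rglob("site-packages"):
        report["lightning"].update(installed_lightning_versions(sp))
    for pkg in root.rglob("package.json"):
        if "node_modules" in pkg.parts:  # third-party hooks are a separate review
            continue
        hooks = npm_install_hooks(pkg)
        if hooks:
            report["npm_hooks"][str(pkg.relative_to(root))] = hooks
    return report


def build_sample_tree():
    """Constructed tree: one infected venv and project, one clean venv and project.
    File contents are placeholders, not the real payload."""
    root = Path(tempfile.mkdtemp(prefix="lightning-ioc-"))
    sp = root / "venv" / "lib" / "python3.12" / "site-packages"
    (sp / "lightning-2.6.2.dist-info").mkdir(parents=True)
    (sp / "lightning-2.6.2.dist-info" / "METADATA").write_text(
        "Metadata-Version: 2.1\nName: lightning\nVersion: 2.6.2\n")
    rt = sp / "lightning" / "_runtime"
    rt.mkdir(parents=True)
    for name in ("start.py", "router_runtime.js", "bun"):
        (rt / name).write_text("placeholder\n")
    (root / "project").mkdir()
    (root / "project" / "package.json").write_text(json.dumps({
        "name": "demo", "version": "1.0.4",
        # hook command is a constructed placeholder; the article gives no exact value
        "scripts": {"build": "tsc", "postinstall": "node ./_runtime/start.js"}}))
    clean_sp = root / "clean" / "site-packages"
    (clean_sp / "lightning-2.6.1.dist-info").mkdir(parents=True)
    (clean_sp / "lightning-2.6.1.dist-info" / "METADATA").write_text(
        "Metadata-Version: 2.1\nName: lightning\nVersion: 2.6.1\n")
    (root / "clean" / "package.json").write_text(json.dumps({
        "name": "clean", "version": "0.1.0", "scripts": {"test": "jest"}}))
    return root


if __name__ == "__main__":
    print(json.dumps(scan(build_sample_tree()), indent=2))
```

Run it against a real machine with scan("/home/user") or the root of a CI image; the version check reads installed metadata rather than trusting a requirements file, which is what matters after a bad release has already been pulled in.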


Medium- and long-term preventive measures: apply least-privilege policies to tokens (repository-scoped or fine-grained tokens rather than tokens with global reach), enable multi-factor authentication and protect package maintainer accounts with mandatory 2FA, use lockfiles and hash-verified dependencies (pip's hash-checking mode, poetry or pipenv lockfiles), review and restrict publishing rights in CI, and adopt community-recommended supply-chain practices such as SLSA and the OpenSSF guides. Automating secret scanning in repositories and artifacts, checking the integrity of downloaded packages and limiting credential exposure in local environments will shrink the window of opportunity in future incidents.
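What hash-verified dependencies buy you, shown in code. This is an added example, not the article's or pip's own code: it parses a constructed requirements file in pip's format (backslash continuations and --hash options), lists the entries pip's --require-hashes mode would refuse and why, and then applies the same accept-or-refuse decision pip makes to a constructed byte string standing in for a downloaded wheel. The package versions and the digest are assumptions for illustration; in practice the pinned digest comes from pip hash on a file you have inspected or from the index's published checksum.

```python
import hashlib
import re
import shlex

# Constructed stand-in for a downloaded lightning-2.6.1 wheel and its digest.
FAKE_WHEEL = b"constructed bytes standing in for lightning-2.6.1-py3-none-any.whl"
GOOD_SHA256 = hashlib.sha256(FAKE_WHEEL).hexdigest()

# Constructed requirements file: one hash-pinned entry, one version-pinned
# entry without a hash, one entry that is neither pinned nor hashed.
REQ_TEXT = f"""\
lightning==2.6.1 \\
    --hash=sha256:{GOOD_SHA256}
numpy==2.2.3          # pinned, but --require-hashes still refuses it
requests              # neither pinned nor hashed
"""

# Narrowed specifier grammar: name[extras]==version (enough for a lockfile).
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?(?:==([^\s;]+))?")


def parse_requirements(text):
    """Return [{name, version, hashes}] for each requirement line.

    Joins backslash continuations and strips inline comments the way pip
    does before splitting each line into the specifier and its options."""
    joined = text.replace("\\\n", " ")
    entries = []
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        match = REQ_LINE.match(parts[0])
        if not match:
            raise ValueError(f"unsupported requirement line: {raw!r}")
        hashes = []
        for opt in parts[1:]:
            if opt.startswith("--hash="):
                algo, _, digest = opt[len("--hash="):].partition(":")
                hashes.append((algo.lower(), digest.lower()))
        entries.append({"name": match.group(1).lower().replace("_", "-"),
                        "version": match.group(2), "hashes": hashes})
    return entries


def audit(entries):
    """List (name, reason) pairs that hash-checking mode would reject."""
    problems = []
    for entry in entries:
        if entry["version"] is None:
            problems.append((entry["name"], "not pinned to an exact version"))
        if not entry["hashes"]:
            problems.append((entry["name"], "no --hash option"))
    return problems


def verify_artifact(data, hashes):
    """True if `data` matches any pinned (algorithm, hexdigest) pair."""
    return any(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in hashes)


def check_download(entries, name, data):
    """The decision pip makes for a fetched file before installing it."""
    entry = next(e for e in entries if e["name"] == name)
    if not entry["hashes"]:
        return "refused: no pinned hash"
    return "ok" if verify_artifact(data, entry["hashes"]) else "refused: hash mismatch"


if __name__ == "__main__":
    reqs = parse_requirements(REQ_TEXT)
    for name, reason in audit(reqs):
        print(f"{name}: {reason}")
    print("lightning:", check_download(reqs, "lightning", FAKE_WHEEL))
    print("tampered :", check_download(reqs, "lightning", FAKE_WHEEL + b"\x00"))
```

The point of the last two calls is that a republished or swapped artifact with the same version string fails the digest check; a version pin alone would have accepted it. Hash pinning does not help against a malicious version you pinned on purpose (2.6.2 on the day it was released would have been pinned with its own valid hash), so it complements, rather than replaces, the review of what you pin.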

It is important to follow official sources and the maintainers' updates while the investigation continues: the affected project is publishing information in its repository and on PyPI, and security agencies and vendors are releasing detailed indicators of compromise and analyses that should be consulted for an effective response. See the project page on PyPI, https://pypi.org/project/lightning/, and the official GitHub repository, https://github.com/Lightning-AI/lightning, for notices and updates, and review the general supply-chain security guidance from initiatives such as OpenSSF, https://openssf.org/.

In short, the lesson repeats itself: periodic audits, least privilege, credential rotation and artifact validation are essential, and fast detection and revocation of compromised resources is the difference between a contained incident and a wide-reaching breach across multiple projects and ecosystems.
