- Scans 87 paths for GitHub, OAuth, and npm tokens, reading files up to 5 MB each.
- Exfiltrates via 4 parallel HTTPS POSTs on port 443 to a C2 server.
- Probes AWS IMDSv2 at 169.254.169.254 and ECS metadata at 169.254.170.2.
Semgrep uncovered PyTorch Lightning malware named Shai-Hulud in PyPI versions 2.6.2 and 2.6.3 on April 30, 2026. The malware scans 80+ credential paths on AI training PCs. PyPI logs record 15,000+ daily downloads of the package.
Attackers compromised the repository. The malware sends data via four HTTPS POST requests on port 443. Semgrep released a detection rule at semgrep.dev/r/semgrep_supply.ai-pytorch-lightning-shai-hulud for Windows, Linux, and macOS.
Shai-Hulud Discovery in PyTorch Lightning
Semgrep's tool flagged code during PyPI audits. Semgrep's blog post on May 1, 2026, details the post-install script's credential scans. PyTorch Lightning appears in 40% of open-source AI repos, per GitHub data.
Maintainer account takeover bypassed PyPI signatures. Semgrep confirmed no prior typosquatting. Pip users on AI rigs must verify hashes.
87 Credential Paths Targeted by Malware
Shai-Hulud probes paths like ~/.ssh/id_rsa, ~/.gitconfig, and ~/.npmrc for tokens with the ghp_, gho_, and npm_ prefixes. Semgrep lists 87 paths, including VS Code vaults and Docker secrets.
It reads files up to 5 MB. Files over 30 MB are split into 1 MB segments for upload. Developers training on a Ryzen Threadripper PRO 7995WX with 384 GB DDR5 risk token exposure.
Four channels send the data to a C2 server disguised as ordinary web traffic, which evades home firewalls. Users running DDP training on RTX 5090 or MI300X hardware face the same threat.
AWS Metadata Risks in AI Pipelines
Malware queries AWS IMDSv2 at 169.254.169.254 and ECS at 169.254.170.2. Semgrep's blog notes six curl commands for IAM roles and keys in EC2-S3 setups.
Local PCs sync AWS datasets, triggering probes. Ubuntu 24.04 Docker or Windows Server 2025 exposes secrets. Z890 PCIe 5.0 multi-GPU rigs amplify risks.
Stolen tokens cause $10,000+ S3 bills or $500K breaches, per IBM Cost of a Data Breach Report 2025. Breaches also delay ROI on AI hardware such as 24 GB VRAM cards.
PyPI Attack Hits PC AI Ecosystems
PyTorch Lightning enables DDP on dual RTX 6000 Ada with Core Ultra 9 285K and 128 GB DDR5-8000. Tainted installs scan VS Code and JetBrains vaults.
Attackers use stolen tokens to fork repos or ransom data. Checkmarx reported 1,200+ typosquatting cases in 2023. This supply chain attack evades pinning.
NVIDIA CUDA 12.4 and AMD ROCm 6.1 speed convergence 30%, per Lightning AI docs. Malware adds <1% CPU overhead on 4090 Ti.
Network Detection and Overhead
Exfiltration hits 5 MB/s on port 443. Wireshark spots POSTs over 1 MB. Malware idles post-scan, avoiding throttling on i9-14900KS with RTX 4080.
Semgrep rules fit GitHub Actions. PyPI history at pypi.org/project/lightning/#history shows reversals. Lightning AI recommends 2.6.1 or 2.6.4+.
AI Hardware Market Financial Risks
The incident exposes the $250B AI chip market, per McKinsey's 2026 forecast. Breaches raise data center insurance by 15%. H100 clusters suffer.
Buyers of $5,000+ MI325X or GB200 hardware need secure software stacks. Breaches cut GPU ROI by 20-30%. NVIDIA (NVDA) and AMD (AMD) link software risks to sales.
Mitigate PyTorch Lightning Malware Now
Run `pip uninstall lightning==2.6.2 lightning==2.6.3`. Rotate GitHub PATs, npm tokens, AWS keys. Check hashes vs. Lightning AI docs.
Use Semgrep in CI. Isolate with Firejail or Podman on 64-core EPYC. Set AWS IMDSv2 limits and use fine-grained tokens. pfSense blocks odd 443 traffic.
Maintainers added 2FA and GPG. Secure multi-GPU training resumes with Poetry locks. AI hardware investments demand verified software.
Frequently Asked Questions
What versions of PyTorch Lightning contain Shai-Hulud malware?
Versions 2.6.2 and 2.6.3 of the PyPI lightning package host the malware. Semgrep confirmed publication on April 30, 2026. Users must uninstall and upgrade immediately.
How does PyTorch Lightning malware steal credentials?
It scans over 80 file paths for GitHub and npm tokens, reading files up to 5 MB each. Files over 30 MB are split into chunks. Data exits via 4 parallel HTTPS channels on port 443.
Does PyTorch Lightning malware affect AWS on PCs?
Yes, it queries AWS IMDSv2 at 169.254.169.254 and ECS at 169.254.170.2. Hybrid PC-cloud AI training triggers metadata theft. Isolate workloads to mitigate.
How can I detect a PyTorch Lightning malware infection?
Run Semgrep's detection rule on codebases and endpoints. Check pip logs for 2.6.2/2.6.3 installs. Monitor port 443 POSTs for anomalous uploads.
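One way to carry out the version checks described in the mitigation steps and in the answer above, as an added example that is not code from Semgrep or Lightning AI: it looks for installed lightning 2.6.2/2.6.3 metadata in site-packages directories and for exact pins in requirements files. The function names and the requirements-line format it handles are assumptions of this example.

```python
"""Flag installs and exact pins of the lightning releases the article names."""
import re
import site
import sys
from importlib import metadata

PACKAGE = "lightning"          # PyPI project named in the article
AFFECTED = {"2.6.2", "2.6.3"}  # versions the article reports as malicious
# Exact pin in a requirements-style line, e.g. "lightning==2.6.2 --hash=..."
PIN = re.compile(r"^\s*lightning(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;,#\\]*)", re.I)

def _norm(name):
    # PEP 503 normalisation so "Lightning" and "lightning" compare equal
    return re.sub(r"[-_.]+", "-", name or "").lower()

def find_affected_installs(search_dirs):
    """Return (directory, version) for each affected install found on disk."""
    hits = []
    for d in search_dirs:
        for dist in metadata.distributions(path=[str(d)]):
            try:
                name, version = dist.metadata.get("Name", ""), dist.version
            except Exception:  # unreadable or truncated METADATA: skip it
                continue
            if _norm(name) == PACKAGE and version in AFFECTED:
                hits.append((str(d), version))
    return hits

def find_affected_pins(requirements_text):
    """Return (line_number, version) for exact pins on an affected version."""
    hits = []
    for n, line in enumerate(requirements_text.splitlines(), 1):
        m = PIN.match(line)
        if m and m.group(1) in AFFECTED:
            hits.append((n, m.group(1)))
    return hits

if __name__ == "__main__":
    dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    found = find_affected_installs(dirs)
    for where, version in found:
        print(f"AFFECTED: {PACKAGE} {version} in {where}")
    for req_file in sys.argv[1:]:
        with open(req_file, encoding="utf-8") as fh:
            for n, version in find_affected_pins(fh.read()):
                found.append((req_file, version))
                print(f"AFFECTED PIN: {req_file}:{n} {PACKAGE}=={version}")
    sys.exit(1 if found else 0)
```

Run it with the interpreter of each environment to be checked, passing any requirements files as arguments; exit status 1 means an affected version was found.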
