PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Threat actors linked to the TeamPCP group compromised the Python package Lightning to distribute malicious versions 2.6.2 and 2.6.3, which execute credential-stealing payloads upon installation.

Key Points

  • Malicious versions 2.6.2 and 2.6.3 of the Lightning Python package were published to PyPI on April 30, 2026.
  • The malware uses the Bun JavaScript runtime to execute an obfuscated payload designed to harvest GitHub tokens and developer credentials.
  • Compromised tokens are used to inject worm-like payloads into GitHub repositories and propagate the malware through local npm packages.
  • The campaign is part of the broader "Mini Shai-Hulud" operation, which has also targeted Intercom packages on npm and Packagist.
  • PyPI administrators quarantined the affected versions, and users are advised to downgrade to version 2.6.1 and rotate all exposed credentials.
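As an added defender-side check that is not code from the article, from PyPI or from the Lightning project, the script below scans a requirements file and the installed distributions for the two versions named above and reports where to pin to 2.6.1. It goes beyond the exact-pin case by also flagging unpinned `lightning` requirements (ranges, `~=`, `==2.6.*`) that a resolver could still satisfy with an affected release. The requirements text is constructed for the demonstration; the function names, the simplified version comparison and the "affected"/"unpinned"/"ok" labels are choices made here, not anything the advisory defines.

```python
"""Find the Lightning releases named in the advisory (2.6.2, 2.6.3) in
requirement files and installed distributions, and flag unpinned
requirements that a resolver could satisfy with one of them."""
import re
from importlib import metadata

AFFECTED_VERSIONS = {"2.6.2", "2.6.3"}   # versions quarantined by PyPI (from the advisory)
SAFE_PIN = "2.6.1"                       # downgrade target recommended in the advisory
TARGET_PROJECT = "lightning"             # PyPI distribution name, compared after PEP 503 normalisation

# project name, optional extras such as [extra], then the specifier up to ';' or '#'
_REQ_RE = re.compile(r"^\s*(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?P<spec>[^;#]*)")
_CLAUSE_RE = re.compile(r"(===|==|!=|<=|>=|~=|<|>)\s*(.+)")

# Constructed sample requirements file (not from any real project).
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file, not from any real project
torch==2.3.0
lightning[extra]==2.6.2 ; python_version >= "3.9"
Lightning>=2.6
lightning==2.6.1
lightning~=2.5.0
lightning>=2.6,!=2.6.2,!=2.6.3
lightning==2.6.*
lightning-utilities==0.11.0
"""

def normalize(name):
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirement(line):
    """Return (normalised name, [(op, version), ...]) or None for comments,
    blank lines, pip options (-r, -e, ...) and URL requirements."""
    stripped = line.split("#", 1)[0].strip()
    if not stripped or stripped.startswith("-") or "://" in stripped:
        return None
    m = _REQ_RE.match(stripped)
    if not m:
        return None
    clauses = []
    for part in (p.strip() for p in m.group("spec").split(",")):
        cm = _CLAUSE_RE.match(part)
        if cm:
            clauses.append((cm.group(1), cm.group(2).strip()))
    return normalize(m.group("name")), clauses

def _key(version):
    """Simplified PEP 440 release key: leading numeric segments, trailing zeros dropped."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def _satisfies(version, op, target):
    """Does `version` satisfy a single specifier clause such as ('>=', '2.6')?"""
    if op == "===":
        return version == target
    if op in ("==", "!="):
        hit = version.startswith(target[:-1]) if target.endswith(".*") else _key(version) == _key(target)
        return hit if op == "==" else not hit
    if op == "~=":   # ~=2.6.1 means >=2.6.1 and ==2.6.*
        prefix = ".".join(target.split(".")[:-1]) + "."
        return _key(version) >= _key(target) and version.startswith(prefix)
    ordered = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
               ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}
    return ordered[op](_key(version), _key(target))

def classify(name, clauses):
    """'affected' = pinned to a quarantined release, 'unpinned' = a resolver could
    pick one, 'ok' = a different project or a specifier that excludes both."""
    if name != TARGET_PROJECT:
        return "ok"
    reachable = {v for v in AFFECTED_VERSIONS if all(_satisfies(v, op, t) for op, t in clauses)}
    if not reachable:
        return "ok"
    pinned = any(op in ("==", "===") and not t.endswith(".*") for op, t in clauses)
    return "affected" if pinned else "unpinned"

def scan_requirements(text):
    """Return [(line number, status, requirement)] for every non-'ok' line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_requirement(line)
        if parsed is not None and (status := classify(*parsed)) != "ok":
            findings.append((lineno, status, line.strip()))
    return findings

def scan_installed(dists=None):
    """Return [(name, version)] of installed Lightning releases that are affected.
    `dists` may be any iterable of (name, version); defaults to the live environment."""
    if dists is None:
        dists = ((d.metadata["Name"] or "", d.version) for d in metadata.distributions())
    return [(n, v) for n, v in dists if normalize(n) == TARGET_PROJECT and v in AFFECTED_VERSIONS]

if __name__ == "__main__":
    for lineno, status, req in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {status:9} {req}  -> pin lightning=={SAFE_PIN}")
    for name, version in scan_installed():
        print(f"installed {name} {version} is an affected release; downgrade to {SAFE_PIN} and rotate credentials")
```

Run it against a real lockfile by reading the file into `scan_requirements`; an "affected" hit in a lockfile or in `scan_installed()` means the install step already ran, so rotating every GitHub token and credential reachable from that machine matters more than the downgrade itself. The version comparison is deliberately simple (numeric release segments only); for pre-release or local version labels use the `packaging` library's specifier matching instead.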

Why it Matters

This incident highlights the severe risks of software supply chain attacks, where a single compromised dependency can facilitate widespread credential theft across multiple development ecosystems. By automating the injection of malicious code into downstream repositories, attackers can turn a single developer's environment into a vector for further large-scale distribution.
Published by info@thehackernews.com (The Hacker News)