Hacker News

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

107 points by j12y 2 hours ago | 17 comments

Not a security guy here. How did the dependency get compromised, exactly? Did they submit a PR into the main repo at github and it was approved by the maintainers? Or just host compromised versions in other mirrors?

mkeeter 33 minutes ago

A repository search shows 2.2K repos with the text "A Mini Shai-Hulud has Appeared", all created within the past day:

https://github.com/search?q=A%20Mini%20Shai-Hulud%20has%20Ap...

rhdunn 25 minutes ago

The repository names all look like two terms/words from dune (harkonen, mentat, ornithoptor, etc.) followed by a number. This would indicate that the account (possibly GitHub auth/actions token) has been compromised and then used to create the repository.

spate141 32 minutes ago

what's this all about?

foo12bar 25 minutes ago

FTFA

> The attack steals credentials, authentication tokens, environment variables, and cloud secrets, while also attempting to poison GitHub repositories.

CodeAndCuffs 20 minutes ago

That doesn't really explain why there is a bunch of GitHub repos created as well.

If I remember correctly from Shai-Hulud 2, the attacker extricated creds by posting them in public github repos with minor easily reversible encryption. I believe it was double b64 last time.

I'm assuming the logic there is that every security researcher and company is going to pull and scan those creds for their stuff and their clients' stuff. So the attacker is just 1 of N people downloading it. As opposed to trying to send it to their own machine directly.

progbits 29 minutes ago

Malware uploading the credentials it managed to steal

csvance 5 minutes ago

The decision to run all of my experiments in a monorepo with a single uv.lock continues to be validated. I usually only update it a few times a year. It was pinned at 2.6.1 for lightning \o/

achandra03 36 minutes ago

Bless the Maker and His water.

0fflineuser 15 minutes ago

The nixpkg from unstable seems to be infected as it s 2.6.2 https://search.nixos.org/packages?channel=unstable&include_h...

caycep 20 minutes ago

just to clarify it's not PyTorch, it's the library for this Lightning AI company?

lostmsu 18 minutes ago

Yes

throwa356262 28 minutes ago

Advisory, fresh from the owen

https://github.com/Lightning-AI/pytorch-lightning/security/a...

rvz 26 minutes ago

Shai-Hulud strikes again and continues to turn innocent packages into zombies.

Think twice before looking at a package and most importantly, always pin your dependencies.

0xbadcafebee 21 minutes ago

something something Safety Requires A Building Code something thing

spate141 33 minutes ago

ah shit, here we go again

12_throw_away 30 minutes ago

this is fine, we are definitely a perfectly normal industry that knows what it is doing