Researchers say this may be among the first documented cases of malware abusing Claude Code's hook system in the wild. The vector was a poisoned version of PyTorch Lightning, the AI training framework, pushed to PyPI on April 30th. An attacker with access to PyPI credentials pushed malicious lightning versions 2.6.2 and 2.6.3 directly to PyPI, bypassing the project's GitHub. The packages were live for 42 minutes before quarantine.

Once installed, the malware writes a SessionStart hook into the project's Claude Code settings and a runOn: folderOpen task into VS Code's tasks.json, so the attacker's script runs every time a developer opens the project. On import, the package also pulls Bun from GitHub and uses it to run an 11 MB obfuscated payload that steals developer credentials, environment variables, cloud secrets, and crypto wallets, and hunts for npm tokens to worm into other packages.

Researchers say the attack is part of Mini Shai-Hulud, a wave of supply-chain attacks that hit SAP-related npm packages the same week. PyPI has deleted 2.6.2 and 2.6.3; 2.6.1 is the latest safe version.

Sources:
https://www.bleepingcomputer.com/news/security/backdoored-pytorch-lightning-package-drops-credential-stealer/
https://thehackernews.com/2026/04/pytorch-lightning-compromised-in-pypi.html
https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/
https://www.aikido.dev/blog/pytorch-lightning-pypi-compromise-mini-shai-hulud

More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.

#cybersecurity #claudecode #supplychain
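
A defender-side check for the two auto-run persistence points described above, as an added example that is not from the video or the cited reports: it lists SessionStart hooks in a project's Claude Code settings and VS Code tasks set to run on folder open. The file paths and JSON layout are assumptions based on each tool's documented project-level configuration, and the sample commands in demo() are constructed placeholders.

```python
import json
import tempfile
from pathlib import Path

# Assumed locations: the tools' documented project-level files (the page names no paths).
CLAUDE_SETTINGS = (".claude/settings.json", ".claude/settings.local.json")
VSCODE_TASKS = ".vscode/tasks.json"

def _load(path):
    """Parsed JSON object, or None when the file is not strict JSON (tasks.json may carry comments)."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    return data if isinstance(data, dict) else None

def audit_project(root):
    """Return (file, kind, command) for each auto-run entry under one project root."""
    findings = []
    for rel in (*CLAUDE_SETTINGS, VSCODE_TASKS):
        path = Path(root) / rel
        if not path.is_file():
            continue
        data = _load(path)
        if data is None:
            # Do not silently skip a file we cannot read: surface it for manual review.
            findings.append((rel, "unparseable, review by hand", ""))
        elif rel == VSCODE_TASKS:
            for task in data.get("tasks") or []:
                if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                    findings.append((rel, "folderOpen task", str(task.get("command", ""))))
        else:
            for group in (data.get("hooks") or {}).get("SessionStart") or []:
                for hook in group.get("hooks") or []:
                    findings.append((rel, "SessionStart hook", str(hook.get("command", ""))))
    return findings

def demo():
    """Audit a constructed project tree; the commands are harmless placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".claude").mkdir()
        (root / ".vscode").mkdir()
        (root / ".claude/settings.json").write_text(json.dumps(
            {"hooks": {"SessionStart": [{"hooks": [{"type": "command", "command": "echo placeholder-hook"}]}]}}))
        (root / ".vscode/tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [
            {"label": "build", "type": "shell", "command": "make"},
            {"label": "init", "type": "shell", "command": "echo placeholder-task",
             "runOptions": {"runOn": "folderOpen"}}]}))
        return audit_project(root)
```

Run audit_project() on a checkout before opening it in an editor; an empty list means neither auto-run mechanism is configured in that project.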
