AI’s Supply Chain Nightmare: The Lightning Framework Worm and the “Silence Developer” Meme
Ddos 
In a high-impact escalation of software supply chain attacks, security researchers have identified a major compromise of lightning, a premier deep learning framework used by millions of AI and machine learning developers.
Socket has classified lightning versions 2.6.2 and 2.6.3 as malicious. While version 2.6.1 remains clean, the newer releases were found to contain a hidden execution chain that triggers automatically the moment the module is imported.
The attack is not a simple data stealer; it is a self-propagating worm that exploits the trust developers place in AI tools. Once a developer imports the compromised library, a hidden start.py script downloads the Bun JavaScript runtime to execute an 11 MB obfuscated payload named router_runtime.js.
According to the report, the payload’s intent is clear, “The obfuscated JavaScript payload contains 703 references to process and env, more than 463 references to tokens and authentication, and 336 references to repositories.”
The malware targets:
- Credential Theft: Harvesting GitHub OAuth tokens, npm access tokens, and cloud-related secrets from AWS, Azure, and Google Cloud.
- Repository Poisoning: Using stolen tokens to commit malicious code back into GitHub repositories while impersonating Anthropic’s Claude Code to blend in with legitimate developer workflows.
- Package Infection: Tampering with local npm .tgz tarballs by injecting postinstall hooks and bumping version numbers to ensure the infection spreads when the developer next publishes a package.
The incident took a surreal turn when developers tried to report the issue on GitHub. A public report filed in the Lightning-AI repository was closed within one minute by a project account named pl-ghost, which then posted a “SILENCE DEVELOPER” meme in the thread.
Socket analysts believe this indicates a total compromise of the maintainer’s GitHub account. The account was also observed performing “create-and-delete” branch operations, a pattern associated with probing for write access.
Adding another layer of complexity, the attacker posted a Tor onion link in the GitHub thread pointing to a site branded as “TEAM PCP”. The site features a PGP-signed message claiming alliances with extortion groups like LAPSUS$ and connections to various high-profile data leaks. While the authenticity of these claims is still being investigated, the connection suggests the lightning compromise may be part of a broader extortion and data-theft operation.
If you use the lightning framework, Socket recommends the following urgent actions:
- Purge and Downgrade: Immediately remove versions 2.6.2 and 2.6.3 and downgrade to 2.6.1.
- Secret Rotation: Rotate every credential accessible from environments where the malicious version was imported, including GitHub/npm tokens and cloud provider keys.
- Audit Repositories: Scan your repositories for unauthorized commits from claude@users.noreply.github.com or hidden directories like .claude/.
- Check Build Artifacts: Inspect local npm tarballs for unexpected postinstall scripts or suspicious version increments.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
