
Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services.

The developer disclosed the supply-chain attack on April 30, saying that version 2.6.3 of the package included a hidden execution chain that downloads and executes a JavaScript payload.

PyTorch Lightning is a deep learning framework used for pretraining and fine-tuning AI models. It is a popular package, amassing more than 11 million downloads last month.
