Back to Intelligence

PyTorch Lightning Supply Chain Attack and ScarCruft APT: Detection & Remediation

SA
Security Arsenal Team
May 10, 2026
6 min read

Introduction

The latest Security Affairs malware newsletter (Round 96) highlights a surge in sophisticated supply-chain compromises and mobile surveillance threats. Among the most critical for enterprise defenders is the discovery of a backdoored pytorch-lightning package on the Python Package Index (PyPI), designed to drop a credential stealer. Concurrently, the ScarCruft (APT37) threat actor has weaponized a gaming platform to distribute malware, and the CloudZ RAT continues to evolve with a Pheno plugin capable of bypassing two-factor authentication (2FA).

For SOC analysts and security engineers, these threats represent a shift toward poisoning trusted development pipelines and consumer-facing software to bypass perimeter defenses. Immediate action is required to audit Python environments and patch gaming clients to prevent credential theft and persistent access.

Technical Analysis

1. Backdoored PyTorch Lightning (PyPI Supply Chain)

  • Affected Product: pytorch-lightning (via PyPI).
  • Attack Vector: Dependency Confusion / Typosquatting or Compromised uploader. The malicious package was designed to mimic the legitimate library.
  • Mechanism: Upon installation, the package executes a malicious payload (__init__.py or setup.py obfuscation) that retrieves and drops a credential stealer.
  • Impact: Harvesting of system credentials, API keys, and potentially cloud environment secrets from developer workstations and build servers.

2. ScarCruft (APT37) Gaming Platform Compromise

  • Threat Actor: ScarCruft (also known as Reaper, APT37), a state-sponsored group aligned with North Korean interests.
  • Vector: Supply-chain attack. A legitimate gaming platform distribution channel was compromised to deliver malicious payloads.
  • Mechanism: Users downloading the game client receive a rigged installer. The malware establishes persistence and likely facilitates espionage or data exfiltration.
  • Exploitation Status: Confirmed active exploitation in the wild.

3. CloudZ RAT with Pheno Plugin

  • Platform: Android.
  • Capabilities: The Pheno plugin grants the RAT access to Accessibility Services, allowing it to overlay screens and intercept OTP messages (SMS 2FA bypass).
  • Risk: Bypassing MFA controls for banking and corporate accounts accessed via mobile devices.

Detection & Response

Sigma Rules

The following Sigma rules detect the suspicious behavior associated with the PyTorch credential stealer (Python spawning shells/encoded commands) and the ScarCruft gaming compromise (signed game binary spawning unexpected child processes).

YAML
---
title: PyTorch Lightning Supply Chain - Python Spawning Credential Stealer
id: 9a8b7c6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d
status: experimental
description: Detects Python processes spawning PowerShell or CMD with encoded arguments, common in malicious package droppers like the backdoored PyTorch Lightning.
references:
  - https://securityaffairs.com/191911/malware/security-affairs-malware-newsletter-round-96.html
author: Security Arsenal
date: 2024/10/21
tags:
  - attack.execution
  - attack.t1059.001
  - attack.t1059.003
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    ParentImage|endswith:
      - '\python.exe'
      - '\pythonw.exe'
    Image|endswith:
      - '\powershell.exe'
      - '\cmd.exe'
    CommandLine|contains:
      - 'FromBase64String'
      - 'Invoke-Expression'
      - 'DownloadString'
  condition: selection
falsepositives:
  - Legitimate developer scripts executing system commands
level: high
---
title: ScarCruft Supply Chain - Gaming Launcher Spawning Shell
id: 1a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6d
status: experimental
description: Detects a signed gaming client or launcher spawning an unexpected shell (cmd/powershell), indicative of the ScarCruft supply chain compromise.
references:
  - https://securityaffairs.com/191911/malware/security-affairs-malware-newsletter-round-96.html
author: Security Arsenal
date: 2024/10/21
tags:
  - attack.initial_access
  - attack.t1195
  - attack.execution
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    ParentImage|contains:
      - 'Game'
      - 'Launcher'
    Image|endswith:
      - '\powershell.exe'
      - '\cmd.exe'
  filter_legit:
    # Add legitimate game updaters here if known
    ParentImage|contains: 'Steam'
  condition: selection and not filter_legit
falsepositives:
  - Legitimate game updates or mods
level: critical

KQL (Microsoft Sentinel / Defender)

This query hunts for the installation of the backdoored package and subsequent suspicious network activity from Python processes.

KQL — Microsoft Sentinel / Defender
// Hunt for PyTorch Lightning Supply Chain Compromise
// Looks for pip install events followed by suspicious network connections
let PackageInstall = 
  DeviceProcessEvents
  | where FileName in~ ("pip.exe", "python.exe")
  | where ProcessCommandLine contains "pytorch-lightning" 
       or ProcessCommandLine contains "torch-lightning";
let SuspiciousActivity = 
  DeviceNetworkEvents
  | where InitiatingProcessFileName in~ ("python.exe", "pythonw.exe")
  | where RemotePort in (443, 80) 
       and InitiatingProcessCreationTime >= ago(7d);
PackageInstall
| join kind=inner SuspiciousActivity on InitiatingProcessGuid
| project Timestamp, DeviceName, InitiatingProcessCommandLine, RemoteUrl, RemoteIP

Velociraptor VQL

Hunt for the presence of the malicious pytorch-lightning package files in the site-packages directory and check for the associated credential stealer binaries often dropped in temp folders.

VQL — Velociraptor
-- Hunt for PyTorch Lightning Supply Chain Artifacts
SELECT FullPath, Size, Mtime, Mode
FROM glob(globs="*/Lib/site-packages/pytorch*/*")
WHERE 
  -- Flag if package is in a user writable path or recently modified
  FullPath =~ "pytorch-lightning" 
  AND Mtime > now() - 7d
-- Hunt for suspicious binaries in temp directories spawned by Python
SELECT FullPath, Size, Mtime, CommandLine
FROM glob(globs="C:\Users\*\AppData\Local\Temp\*.exe")
WHERE Mtime > now() - 1d 
  AND FileName NOT IN ("python.exe", "pip.exe")

Remediation Script (PowerShell)

Automate the removal of the malicious package and force a reinstall from the trusted source.

PowerShell
# Remediation Script for Backdoored PyTorch Lightning
# Requires elevated permissions and Python/pip in PATH

Write-Host "[+] Checking for pytorch-lightning installation..."

# List installed packages to identify suspicious versions
$installedPackages = pip list 2>$null

if ($installedPackages -match "pytorch-lightning") {
    Write-Host "[!] pytorch-lightning found. Forcing uninstall to remove potential backdoor." -ForegroundColor Yellow
    
    # Uninstall the potentially compromised package
    pip uninstall -y pytorch-lightning
    
    # Clear pip cache to remove cached malicious wheel files
    pip cache purge
    
    Write-Host "[+] Reinstalling clean version from official PyPI..." -ForegroundColor Green
    pip install pytorch-lightning --upgrade --force-reinstall
    
    Write-Host "[+] Remediation complete. Please monitor process logs for credential stealer activity." -ForegroundColor Green
} else {
    Write-Host "[-] pytorch-lightning not found on this system." -ForegroundColor Cyan
}

Remediation

Immediate Actions

  1. Python Environments: Audit all developer workstations and build servers. Run the provided PowerShell script to remove any instances of pytorch-lightning and reinstall from a trusted source. Verify package integrity using hash comparison against official repository sources.
  2. Gaming Platforms: Instruct users to avoid updating or installing the affected gaming platform (specific vendor to be identified via threat intel) until the vendor releases a patched installer. Block execution of the identified malicious installer hash via endpoint protection (EDR).
  3. Mobile Devices (CloudZ RAT): Enforce strict MDM policies. Disallow installation of apps from unknown sources. If CloudZ RAT is suspected, perform a factory reset of the device, as malware with Accessibility Service permissions is incredibly difficult to remove with standard antivirus.

Long-Term Hardening

  • Software Composition Analysis (SCA): Integrate SCA tools into the CI/CD pipeline to detect typosquatting and malicious dependencies during build time.
  • Supply Chain Vetting: Implement requirements for code signing and integrity checks for all software distributed internally or via trusted third-party platforms.
  • Network Segmentation: Isolate developer workstations from production environments to prevent credential theft from leading to lateral movement.

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub

sigma-rulekql-detectionthreat-huntingdetection-engineeringsiem-detectionpytorch-lightningscar-cruftsupply-chain

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.

Book a SOC AssessmentSee AlertMonitor in Action