Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Malware Delivered to PyTorch Users in Supply Chain Attack

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.

Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields.

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.

Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields.

According to PyTorch’s maintainers, the attack was possible because the Python Package Index (PyPI) code repository of Torchtriton, one of PyTorch’s dependencies, was compromised and injected with malicious code.

The malicious binary, PyTorch says, was designed to be executed when the Triton package was imported. By default, PyTorch does not import the dependency and explicit code is required for this operation.

Once executed, the malicious code would upload sensitive information from the victim’s machine, targeting files of up to 99,999 bytes in size. It would upload the first 1,000 files in $HOME and all the files (of less than 99,999 bytes) in the .ssh directory.

The issue, the maintainers say, only impacts the nightly builds of PyTorch on Linux. Users of the PyTorch stable packages were not affected.

“If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022),” PyTorch announced.

PyTorch explains that the nightly builds fetched Torchtriton from PyPI instead of using the version available via the official PyTorch repository, resulting in the malicious package being installed from the PyPI code repository.

Advertisement. Scroll to continue reading.

“This design enables somebody to register a package by the same name as one that exists in a third party index, and pip will install their version by default,” PyTorch explains.

The PyTorch maintainers removed Torchtriton as a dependency and replaced it with Pytorch-Triton, and also created a dummy Pytorch-Triton package on PyPI to prevent similar attacks. They removed all nightly packages that depend on Torchtriton from their package indices.

PyTorch has shared details on how users can search for the malicious binary in the Torchtriton package and says they informed the PyPI security team of the incident.

Related: US Gov Issues Software Supply Chain Security Guidance for Customers

Related: Hundreds Infected With ‘Wasp’ Stealer in Ongoing Supply Chain Attack

Related: OpenSSF Adopts Microsoft-Built Supply Chain Security Framework

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights