Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Malware Delivered to PyTorch Users in Supply Chain Attack

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.

Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields.

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.

Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications in computer vision and natural language processing fields.

According to PyTorch’s maintainers, the attack was possible because the Python Package Index (PyPI) code repository of Torchtriton, one of PyTorch’s dependencies, was compromised and injected with malicious code.

The malicious binary, PyTorch says, was designed to be executed when the Triton package was imported. By default, PyTorch does not import the dependency and explicit code is required for this operation.

Once executed, the malicious code would upload sensitive information from the victim’s machine, targeting files of up to 99,999 bytes in size. It would upload the first 1,000 files in $HOME and all the files (of less than 99,999 bytes) in the .ssh directory.

The issue, the maintainers say, only impacts the nightly builds of PyTorch on Linux. Users of the PyTorch stable packages were not affected.

“If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022),” PyTorch announced.

PyTorch explains that the nightly builds fetched Torchtriton from PyPI instead of using the version available via the official PyTorch repository, resulting in the malicious package being installed from the PyPI code repository.

“This design enables somebody to register a package by the same name as one that exists in a third party index, and pip will install their version by default,” PyTorch explains.

The PyTorch maintainers removed Torchtriton as a dependency and replaced it with Pytorch-Triton, and also created a dummy Pytorch-Triton package on PyPI to prevent similar attacks. They removed all nightly packages that depend on Torchtriton from their package indices.

PyTorch has shared details on how users can search for the malicious binary in the Torchtriton package and says they informed the PyPI security team of the incident.

Related: US Gov Issues Software Supply Chain Security Guidance for Customers

Related: Hundreds Infected With ‘Wasp’ Stealer in Ongoing Supply Chain Attack

Related: OpenSSF Adopts Microsoft-Built Supply Chain Security Framework

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.