1 min read

PyTorch Identifies Malicious Dependency in its Nightly Build

Vlad CONSTANTINESCU

January 03, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
PyTorch Identifies Malicious Dependency in its Nightly Build

PyTorch maintainers have discovered a malicious dependency affecting a nightly build version of the machine learning (ML) framework.

Users who installed PyTorch-nightly Linux packages over the holidays via pip might have inadvertently installed a compromised dependency that ran a malicious binary.

The rogue component, torchtriton, is a legitimate library used by the open-source ML framework that was uploaded as part of a dependency confusion attack.

Perpetrators uploaded a malicious version of torchtriton on the Python Package Index (PyPI) code repository using the same package name as the official PyTorch nightly package index.

“Since the PyPI index takes precedence, this malicious package was being installed instead of the version from our official repository,” reads PyTorch’s announcement. “This design enables somebody to register a package by the same name as one that exists in a third party index, and pip will install their version by default.”

The malware-laced torchtriton dependency scouts for basic fingerprinting info, including usernames, IP addresses and the current working directory. It can also retrieve sensitive data such as current usernames and environment variables, and read the following files:

  • /etc/hosts
  • /etc/passwd
  • The first 1,000 files in $HOME/*
  • $HOME/.gitconfig
  • $HOME/.ssh/*

Once the recon work is done, the malware exfiltrates harvested data and file contents to “*.h4ck[.]cfd, using the DNS server wheezy[.]io” through encrypted DNS queries.

“If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022),” warns PyTorch.

To mitigate the incident, torchtriton was removed as a PyTorch nightly dependency and replaced with pytorch-triton. The framework’s maintainers also temporarily removed all nightly packages that depend on torchtriton, took proper ownership of the PyPI torchtriton package and removed the malicious version.

tags


Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.

View all posts

You might also like

Bookmarks


loader