PyTorch users warned of malicious copy in PyPI registry

Share post:

Developers using the open-source package PyTorch machine learning framework may have  downloaded a compromised version of the package from the PyPI repository over the holidays.

The PyTorch team warns those who downloaded and installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, should uninstall it and torchtriton immediately.

They should be replaced with nightly binaries dated Dec 30th, 2022 and after.

“PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary,” the warning says. “This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.”

Users of the PyTorch stable packages are not affected by this issue.

This is the latest in a series of instances of compromised code with similar or identical names to the legitimate packages plopped onto open-source repositories.

PyTorch realized on December 30th that the malicious dependency package (torchtriton) had been uploaded to the Python Package Index (PyPI) code repository with the same package name as the one shipped on the PyTorch nightly package index. Since the PyPI index takes precedence, this malicious package was installed instead of the version from the official repository. This design enables somebody to register a package by the same name as one that exists in a third-party index, and pip will install their version by default.

This malicious package has the same name, torchtriton, but added in code that uploads sensitive data from the compromised machine.

Torchtriton has been removed as a dependency for PyTorch’s nightly packages and replaced with pytorch-triton, and a dummy package registered on PyPI so this issue doesn’t repeat. All nightly packages that depend on torchtriton have been removed from the package indices.

PyPI is trying to improve security. Last summer it began requiring the implementation of two-factor authentication (2FA) for projects deemed critical, defined as any project in the top one per cent of downloads of the past six months. Eligible maintainers of critical projects can redeem two free security keys to set up 2FA.

In addition, the Open Source Security Foundation (OpenSSF) has created a Securing Software Repositories working group to offer best practices in package security.

The post PyTorch users warned of malicious copy in PyPI registry first appeared on IT World Canada.

Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways