Malicious PyTorch Package Downloaded Thousands of Times

The developer behind a major open-source machine learning framework warned that a malicious dependency mimicking one of its own was available in a major code repository over the Christmas period.

The malicious package “torchtriton” had the same name as the legitimate PyTorch dependency, but featured code that uploaded sensitive data from the victim’s machine, PyTorch explained.

“A malicious dependent package (torchtriton) was uploaded to the Python Package Index (PyPI) code repository with the same package name as shipped with the PyTorch-Nightly Package Index on Friday, December 30th at approximately 4:40 PM GMT,” the blog post said.

“This malicious package was installed instead of the version from the official repositories, as the PyPI index takes precedence. Now you can, and pip will install that version by default.”

PyTorch is asking anyone who installed PyTorch-nightly on Linux via pip between December 25th and 30th, 2022 to immediately uninstall both it and torchtriton and update to the latest nightly binaries.

According to January 1st statistics, over 2,300 developers had downloaded the malicious package in the previous week, which could have compromised their projects.

Henrik Plate, a security researcher at Endor Labs, said attackers are moving away from exploiting CVEs and are more inclined to manipulate maintainers and users, using techniques that are difficult to detect with traditional bug scanning.

“The technique used in the attack resembles the well-known dependency chaos and exploits setups where multiple package repositories are used to download project dependencies,” he explained.

“Depending on the package manager’s resolution algorithm (such as the order in which it connects to repositories), an attacker could force the package manager to download a malicious package instead of a legitimate package.”
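The resolution behaviour described in the quotes above, as an added example that is not part of the original article or of PyTorch's or pip's code: a simplified model of two resolution strategies over constructed index contents, plus an audit that lists names a trusted index shares with any other configured index. The index labels, versions and function names are assumptions made for illustration.

```python
# Added example: constructed index contents, not data from the incident.
from typing import NamedTuple

class Candidate(NamedTuple):
    name: str
    version: str
    index: str  # label of the index that serves this release

# Constructed sample: what each configured index would offer.
INDEXES = {
    "nightly": [Candidate("torchtriton", "2.0.0", "nightly"),
                Candidate("torch", "2.0.0", "nightly")],
    "pypi": [Candidate("torchtriton", "3.0.0", "pypi"),
             Candidate("requests", "2.28.1", "pypi")],
}

def vkey(version):
    """Sort key for plain dotted numeric versions (enough for this sample)."""
    return tuple(int(part) for part in version.split("."))

def resolve_pooled(name, indexes):
    """Pool candidates from every index; the highest version wins."""
    pool = [c for cands in indexes.values() for c in cands if c.name == name]
    return max(pool, key=lambda c: vkey(c.version), default=None)

def resolve_ordered(name, indexes, order):
    """Ask indexes in a fixed order; the first one that has the name wins."""
    for label in order:
        hits = [c for c in indexes.get(label, []) if c.name == name]
        if hits:
            return max(hits, key=lambda c: vkey(c.version))
    return None

def shadowed_names(indexes, trusted):
    """Names served by the trusted index that another index also serves."""
    own = {c.name for c in indexes[trusted]}
    report = {}
    for label, cands in indexes.items():
        if label == trusted:
            continue
        for c in cands:
            if c.name in own:
                report.setdefault(c.name, []).append(label)
    return report

if __name__ == "__main__":
    print(resolve_pooled("torchtriton", INDEXES))
    print(resolve_ordered("torchtriton", INDEXES, ["nightly", "pypi"]))
    print(shadowed_names(INDEXES, "nightly"))
```

Any name the audit reports is one whose source depends on the resolver's strategy, which makes it a candidate for pinning to a single index or for hash-checked installs.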
