Search This Blog

Powered by Blogger.

Blog Archive

Labels

PyTorch Reveals Harmful "Dependency" Strain Compromise over Holidays

PyTorch has found a harmful dependency with the same name as the framework's 'torchtriton' archive. This resulted in a compromise.


What is Torchitron?

PyTorch has found a harmful dependency with the same name as the framework's 'torchtriton' archive. This resulted in an executable compromise through the dependency confusion attack vector. 

PyTorch administrators have warned users that installed PyTorch-nightly during the holidays to remove the framework and the fake torchtriton dependency. From natural language processing to computer vision, the open-source machine learning framework PyTorch has been prominent in both academic and commercial sectors. 

As per PyTorch advisory, at around 4:40 pm GMT on December 30, it learned about a malicious dependency package (torchtriton) that was uploaded to the Python Package Index (PyPI) code repository with the same package name as the one we ship on the PyTorch nightly package index. 

Since the PyPI index takes precedence, this malicious package was installed instead of the version from our official repository. This design enables somebody to register a box by the same name as one that exists in a third-party index, and pip will install their version by default.

This malicious package has the same name torchtriton but added code that uploads sensitive data from the machine. 

Malicious library attacks PyTorch-nightly users

From 25th December to 30th December 2022, users who installed PyTorch-nightly should ensure their systems were not attacked. The warning comes after a torchtriton dependency surfaces over the holidays on the Python Package Index (PyPI) registry, the official third-party software repository dedicated to Python. The PyTorch team recommends "uninstalling it and torchtriton immediately, and using the latest nightly binaries (newer than Dec 30th, 2022)." 

The harmful torchtriton dependency in the PyPI has the same name as the official library posted on PyTorch-nightly's repo. However, while retrieving dependencies in the Python ecosystem, PyPI generally comes ahead, making the malicious package to get attracted to your system instead of PyTorch's open platform. 

Sensitive files compromised claims report

Along with surveying your system for basic fingerprinting like IP address, current working directory, and username, Torchtriton also steals sensitive data.

The main function of the malicious PyPI Triton binary is:

Get system information

  • nameservers from /etc/resolv.conf
  • hostname from gethostname()
  • current username from getlogin()
  • current working directory name from getcwd()
  • environment variables

Read the following files

  • /etc/hosts
  • /etc/passwd
  • The first 1,000 files in $HOME/*
  • $HOME/.gitconfig
  • $HOME/.ssh/*

The malicious binary then uploads all this data (including file contents) to the domain *.h4ck[.]cfd, using the DNS server wheezy[.]io. 

PyTorch has taken the following steps to control the impact:

  • Torchtriton has been removed as a dependency for its nightly packages and replaced with pytorch-triton (pytorch/pytorch#91539) and a dummy package registered on PyPI (so that this issue doesn’t repeat).
  • All nightly packages that depend on torchtriton have been removed from its package indices at https://download.pytorch.org until further notice.
  • It has reached out to the PyPI security team to get proper ownership of the torchtriton package on PyPI and to delete the malicious version.



Share it:

Cyber Security

PyPI

PyTorch

Torchitron