Heimdal
Home > Cybersecurity News

PyTorch Dependency Chain Compromised During Winter Holidays

PyTorch Machine Learning Framework Was Victim of a Dependency Confusion Attack.

Last updated on January 3, 2023

article featured image

Contents:

Users who installed PyTorch-Nightly during last week of December are warned to uninstall it and torchtriton immediately. The good news is those who use PyTorch stable package were not impacted by this problem.

The open-source Python-based machine learning framework discovered the malicious dependency on December 30th. A valid dependency named torchtriton’s malware-infected copy was uploaded to the Python Package Index (PyPI) code repository as part of the supply chain attack. Users had no way to differentiate the legitimate dependency from the malicious one, which is designed to exfiltrate system information.

Is Your System Affected by Malicious Torchtriton Version?

If you suspect your Python environment might have been impacted, you should check it by running this command, suggested by the PyTorch team. The result will be revealed immediately:

python3 -c “import pathlib;import importlib.util;s=importlib.util.find_spec(‘triton’); affected=any(x.name == ‘triton’ for x in (pathlib.Path(s.submodule_search_locations[0] if s is not None else ‘/’ ) / ‘runtime’).glob(‘*’));print(‘You are {}affected’.format(” if affected else ‘not ‘))”

Source

To uninstall the malicious version, as advised, use the command:

$ pip3 uninstall -y torch torchvision torchaudio torchtriton

$ pip3 cache purge

Source

What`s at Risk for the Supply Chain Attack Victims?

Once installed, the fake torchtriton will try to get your IP address, username, and current working directory, but it will also go after more sensitive data regarding your system:

  • nameservers from /etc/resolv.conf
  • hostname from gethostname()
  • current username from getlogin()
  • current working directory name from getcwd()
  • environment variables

Source

The malicious binary also

Reads the following files

  • /etc/hosts
  • /etc/passwd
  • The first 1,000 files in $HOME/*
  • $HOME/.gitconfig
  • $HOME/.ssh/*

Source

After obtaining all this data, threat actors use encrypted DNS queries, through wheezy.io DNS server, to upload it on the h4ck.cfd domain.

In order to mitigate the impact of the attack, PyTorch removed torchtriton as a dependency and put pytorch-triton instead. A dummy package was also registered on PyPI.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

Related Articles

What Is a DNS Server? Definition, Purpose and Safety MeasuresTop Cyber Attacks of 2022 – What Were the Biggest Events of the Year?What Is DNS Tunneling, and How to Detect and Prevent ItPython and JavaScript Developers Exposed to Malware InfectionsWhat Is a Supply Chain Attack?What Is Data Leakage?Machine Learning in Cybersecurity 101What Is a Data Breach and How to Prevent ItWhat Can Malicious Code Do? A Brief Overview of Common Cyberattacks

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V