Heimdal Security Blog

PyTorch Dependency Chain Compromised During Winter Holidays

Users who installed PyTorch-Nightly during the last week of December are warned to uninstall it and torchtriton immediately. The good news is that those who use the PyTorch stable package were not impacted by this problem.

The maintainers of the open-source, Python-based machine learning framework discovered the malicious dependency on December 30th. As part of the supply chain attack, a malware-infected copy of a legitimate dependency named torchtriton was uploaded to the Python Package Index (PyPI) code repository. Users had no way to tell the legitimate dependency from the malicious one, which is designed to exfiltrate system information.

Is Your System Affected by Malicious Torchtriton Version?

If you suspect your Python environment might have been impacted, check it by running this command, suggested by the PyTorch team. The result is printed immediately:

python3 -c "import pathlib;import importlib.util;s=importlib.util.find_spec('triton'); affected=any(x.name == 'triton' for x in (pathlib.Path(s.submodule_search_locations[0] if s is not None else '/' ) / 'runtime').glob('*'));print('You are {}affected'.format('' if affected else 'not '))"


To uninstall the malicious version, run the commands the PyTorch team advises:

$ pip3 uninstall -y torch torchvision torchaudio torchtriton

$ pip3 cache purge


What's at Risk for the Supply Chain Attack Victims?

Once installed, the fake torchtriton collects your IP address, username, and current working directory, and it also goes after further sensitive data about your system:

  • nameservers from /etc/resolv.conf
  • hostname from gethostname()
  • current username from getlogin()
  • current working directory name from getcwd()
  • environment variables


The malicious binary also reads the following files:

  • /etc/hosts
  • /etc/passwd
  • The first 1,000 files in $HOME/*
  • $HOME/.gitconfig
  • $HOME/.ssh/*


After collecting this data, the malware uploads it via encrypted DNS queries, sent through the wheezy.io DNS server, to the h4ck.cfd domain.
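The DNS exfiltration described above leaves a trace in resolver logs. The following script is an added example, not code from the post or from the PyTorch team: it scans DNS query log lines for the two domains named here and, more generally, for subdomain labels that look like encoded payloads. The log format and the sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# Indicators named in the advisory this post summarises.
EXFIL_DOMAINS = ("h4ck.cfd", "wheezy.io")

# Assumed (constructed) log format: "<timestamp> <client-ip> <queried-name>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")

@dataclass
class Finding:
    line_no: int
    client: str
    qname: str
    reason: str

def _encoded_looking(qname: str) -> bool:
    """Coarse heuristic for data smuggled in subdomain labels: either many
    labels below the registrable domain, or a single label close to the
    63-byte DNS limit (here: 40+ characters). Treats the last two labels as
    the registrable domain, which is approximate for suffixes like co.uk."""
    sub = qname.split(".")[:-2]
    return len(sub) >= 4 or any(len(label) >= 40 for label in sub)

def scan_dns_log(lines):
    """Return one Finding per log line that hits a known indicator or the
    encoding heuristic; non-matching or malformed lines are skipped."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        qname = m["qname"].rstrip(".").lower()
        if any(qname == d or qname.endswith("." + d) for d in EXFIL_DOMAINS):
            findings.append(Finding(n, m["client"], qname, "known exfil domain"))
        elif _encoded_looking(qname):
            findings.append(Finding(n, m["client"], qname, "encoded-looking subdomain labels"))
    return findings

# Constructed sample lines, not real telemetry.
SAMPLE_LOG = """\
2022-12-30T10:01:02Z 10.0.0.12 pypi.org
2022-12-30T10:01:05Z 10.0.0.12 wheezy.io
2022-12-30T10:01:06Z 10.0.0.12 7e3a9f0c1b2d.h4ck.cfd
2022-12-30T10:01:07Z 10.0.0.12 d2c4e6f8a0b2c4d6e8f0a2b4c6d8e0f2a4b6c8d0e2f4a6b8c0d2e4f6.example.net
2022-12-30T10:01:09Z 10.0.0.15 github.com
""".splitlines()

if __name__ == "__main__":
    for f in scan_dns_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.client} -> {f.qname} ({f.reason})")
```

The length heuristic is deliberately coarse and will flag some legitimate CDN or telemetry names, so treat it as a triage filter rather than a verdict.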

In order to mitigate the impact of the attack, PyTorch removed torchtriton as a dependency and replaced it with pytorch-triton. A dummy package was also registered on PyPI.
