The PyTorch team is urging users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022 to uninstall the framework and use the latest nightly binaries (newer than Dec 30th 2022).
PyTorch is an open source machine learning framework based on the Torch library. Used for applications such as computer vision and natural language processing, it was originally developed by Meta AI and is now part of the Linux Foundation umbrella.
The warning follows the discovery of a malicious package that used the same name as the framework's 'torchtriton' dependency.
“PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices,” the maintainers said in a security advisory, adding that users of the PyTorch stable packages are not affected by this issue.
The malicious binary was designed to be executed when the Triton package was imported. Upon execution, the malicious code would steal sensitive data from the victim’s machine.
“The binary’s file upload functionality is limited to files less than 99,999 bytes in size. It also uploads only the first 1,000 files in $HOME (but all files < 99,999 bytes in the .ssh directory),” the team noted.
The torchtriton dependency has since been removed and replaced with pytorch-triton. A dummy package has also been registered on PyPI to prevent similar attacks. The team removed all nightly packages that depend on torchtriton from their package indices and notified PyPI about the incident.
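As an added example (not code from the PyTorch team or the advisory), the following script checks a local environment for the two indicators the advisory describes: an installed `torchtriton` distribution, and a `torch` nightly whose embedded build date falls in the December 25-30, 2022 window. It assumes the nightly version format `X.Y.Z.devYYYYMMDD[+suffix]` and uses the build date as a proxy for the install date; the `assess` and `installed_distributions` helper names are the example's own.

```python
"""Added example: local check for the compromised torchtriton dependency
and for PyTorch nightlies from the affected window (Dec 25-30, 2022)."""
import re
from datetime import date
from importlib import metadata

# Affected window stated in the advisory (build date used as a proxy
# for install date; that is an assumption of this check).
WINDOW_START = date(2022, 12, 25)
WINDOW_END = date(2022, 12, 30)
COMPROMISED_DEP = "torchtriton"     # name compromised on PyPI
REPLACEMENT_DEP = "pytorch-triton"  # replacement named in the advisory

# Nightly versions embed the build date, e.g. "2.0.0.dev20221227+cu117".
_NIGHTLY_RE = re.compile(r"\.dev(\d{4})(\d{2})(\d{2})")


def nightly_build_date(version):
    """Return the build date embedded in a nightly version, else None."""
    m = _NIGHTLY_RE.search(version)
    if not m:
        return None
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def in_affected_window(version):
    """True if the version is a nightly built inside the affected window."""
    built = nightly_build_date(version)
    return built is not None and WINDOW_START <= built <= WINDOW_END


def assess(installed):
    """installed: mapping of distribution name -> version string.
    Returns a list of findings; an empty list means no indicator found."""
    findings = []
    names = {name.lower(): ver for name, ver in installed.items()}
    if COMPROMISED_DEP in names:
        findings.append(f"{COMPROMISED_DEP} {names[COMPROMISED_DEP]} is installed; "
                        f"uninstall it and reinstall a nightly that uses {REPLACEMENT_DEP}")
    torch_ver = names.get("torch")
    if torch_ver and in_affected_window(torch_ver):
        findings.append(f"torch {torch_ver} is a nightly from the affected window; reinstall")
    return findings


def installed_distributions():
    """Collect name -> version for every distribution in this environment."""
    return {d.metadata["Name"]: d.version for d in metadata.distributions()}


if __name__ == "__main__":
    for line in assess(installed_distributions()) or ["no indicators found"]:
        print(line)
```

Run it inside the virtual environment where the nightly was installed; a clean result from this check does not replace the advisory's instruction to uninstall and reinstall if the nightly was installed during the window.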