pytorch machine learning framework compromised

PyTorch Machine Learning Framework Compromised with Malicious Dependency

The PyTorch team has issued a warning to users who installed PyTorch-nightly over the holidays, advising them to uninstall the framework and the counterfeit ‘torchtriton’ dependency.

Originally developed and released as an open-source project by Facebook, now Meta, the software was handed over to the Linux Foundation in late 2022, which now runs it under the aegis of the PyTorch Foundation.

The warning follows the appearance of the ‘torchtriton’ dependency on the Python Package Index (PyPI) registry, which shares the same name as the official PyTorch library published on the PyTorch-nightly report.

How its getting affected?

The malicious ‘torchtriton’ package not only surveys the victim’s system for basic fingerprinting information but also steals sensitive data. This includes system information such as nameservers, hostname, current username, and current working directory, as well as environment variables. The package also reads various files, including /etc/hosts, /etc/passwd, and the first 1,000 files in $HOME/, $HOME/.gitconfig, and $HOME/.ssh/.

All of this data, including file contents, is then uploaded to the h4ck.cfd domain via encrypted DNS queries using the wheezy.io DNS server. The malicious ‘triton’ binary contained within the counterfeit ‘torchtriton’ package is only executed when the user imports the ‘triton’ package in their code, which requires explicit action and is not the default behavior of PyTorch.

The malicious ‘torchtriton’ package carried out a number of actions on the victim’s machine, including:

Gathering system information (such as the hostname, username, and current working directory) Reading files such as ‘/etc/hosts’ and ‘/etc/passwd’
Reading the first 1,000 files in the victim’s home directory
Reading the victim’s ‘.gitconfig’ and ‘.ssh’ files
All of this data was then uploaded to the h4ck.cfd domain via encrypted DNS queries using the wheezy.io DNS server.