Development of the machine learning framework pytorch warned users about identifying the substitution of malicious dependence performed when using a package with night assemblies project. The problem only affects the Pytorch-Nightly package, packages with stable releases were not injured. The harmful dependence spread from December 25 to 30, 2022 and was aimed at compromising Linux systems of developers using Pytorch test assemblies.
To commit malicious actions, the attackers used the dependence method and loaded the pypi package torchtriton to the Pypi repository. and package , placed in your own Pytorch repositories and involved in the Pytorch-Nightly package. The essence of the method is that the PIP package manager is trying to load internal dependencies from public repositories and if the package is found in the PYPI repository, he uses it when the package has a newer version number. Thus, when installing
Pytorch-Nightly Pip package manager found a newer Torchtriton package in the PYPI repository and installed it instead of the Pytorch repository of the same name.
The Torchtriton version published by the attacking version was added to launch the executable file (“Python_site_packages/Triton/Runtime/Triton”), which searched and send confidential data from systems operating Linux. Among other things, the attackers sent information about the system (/etc/resolv.conf,/etc/hosts,/etc/passwd, variables of the environment, accounting data), as well as the contents of the $ home/.gitconfig, $ home/** and the first 1000 files in a home directory, less than 100 KB. Data was transmitted through the tunnel organized on top of the DNS (encrypted DNS-stakes were sent to the DNS server attackers).
The developers who installed Pytorch-Nightly or Torchtriton from December 25 to December 30, 2022, are recommended to check their environment for malicious activity. The problem is smoothed out by the fact that the malicious code was launched only when imported Triton package, which is not the behavior of Pytorch by default and requires the use of a certain code. To check the presence of a harmful Torchtriton package, the following command can be used: