Introduction: Another Dependency Attack
Recently, the open-source machine learning community was alerted to a malicious PyTorch dependency, named "torchitron," that was hosted on the Python Package Index (PyPI). PyTorch is a popular and widely used deep learning framework, and the discovery of this malicious dependency is a concerning development for its users. The malicious PyTorch dependency, "torchitron," targeted nightly users by including malicious code in the version hosted on the Python Package Index (PyPI). Nightly users are individuals who use pre-release versions of PyTorch, which are updated on a daily basis.
What is 'Torchitron'?
The malicious code was designed to steal sensitive information, such as access tokens and API keys, from the user's system. It could also potentially download and execute other malicious files. The malware was included in a version of the PyTorch library hosted on PyPI, and it was specifically targeted at nightly users who were using the pre-release version of the software. Before it was identified, over 2,300 downloads of the malicious dependency occurred. It is important to note that PyTorch itself was not affected by this malicious dependency. The issue lies with the third-party library, "torchitron," which was included in an older version of PyTorch. This highlights the importance of keeping software up to date and ensuring that dependencies are secure.
This malware searched the target system for basic information such as IP and username, but continued deeper to exfiltrate more sensitive data like system information and environment variables before uploading an encrypted copy to a command and control server.
What Should Users Do?
Nightly users are more likely to be affected by such attacks as they use software that is in an early stage of development and may not have undergone the same level of security testing as the official release version. As a result, it is important for nightly users to be particularly vigilant about the dependencies they use and to ensure that they are authentic and secure.
The PyTorch team addressed this issue by renaming the malicious dependency from 'torchitron' to 'pytorch-torchitron', and advised users to uninstall 'torchitron' and use a nightly binary published on or after 30 December 2022. You can uninstall the malware by running:
$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge
To protect against such attacks, it is recommended to always use the latest version of software and to verify the authenticity of dependencies before installing them. Additionally, using virtual environments and security tools such as intrusion detection systems can help to reduce the risk of attacks.
Conclusion
This discovery of the malicious "torchitron" dependency serves as a reminder of the importance of security in the software development process. It is crucial to prioritize security in order to ensure that applications and software technologies can be used safely and effectively. By being vigilant about the dependencies used and keeping software up to date, users can protect themselves and their systems from potential harm.
Try Packagecloud
Using Packagecloud to host your software artifacts can reduce your risk to software supply chain attacks. Start a trial today or reach out to us at support@packagecloud.io to learn more!
