Security News > 2023 > January > Machine-Learning Python package compromised in supply chain attack

On Dec. 31, 2022, the PyTorch machine learning framework announced on its website that one of its packages had been compromised via the PyPI repository.
According to the PyTorch team, a malicious torchtriton dependency package was uploaded to the PyPI code repository on Friday, Dec. 30, 2022, at around 4:40 p.m. The malicious package had the same package name as the one shipped on the PyTorch nightly package index.
Henrik Plate, CISSP and security researcher at Endor Labs, told TechRepublic that "The technique used in the attack is similar to the well-known dependency confusion, and exploits setups where multiple package repositories are used for downloading project dependencies. Depending on the resolution algorithm of the package manager, such as the order in which repositories are contacted, an attacker can make the package manager download his malicious package rather than the legitimate one."
The PyTorch team wrote that the torchtriton dependency has been removed from the nightly packages and replaced by pytorch-triton, and that a dummy package was registered on PyPI under the torchtriton name. This will ensure the same issue does not happen again.
PyTorch also reached out to PyPI to obtain proper ownership of the torchtriton package and delete the malicious version.
When asked about it, Henrik Plate told TechRepublic that "This attack vector can be addressed through the use of private repositories to both host internal packages and mirror external packages, e.g., devpi in case of the Python ecosystem. Typically, such solutions allow more control about dependency resolution and package download processes. However, their setup and operation requires non-negligible effort, and they are only effective if local developer clients are properly configured."
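As an added example (not from the article, PyTorch or Endor Labs), the following audit checks a pip client configuration for the multi-index resolution that Plate describes and for missing pins and hashes; the internal index host, the package version and the hash are constructed placeholders.

```python
import configparser
import re

def audit_pip_setup(pip_conf: str, requirements: str) -> list:
    """Return findings where pip may resolve one package name from more than
    one index, or where a requirement lacks an exact pin or a --hash."""
    findings = []
    cfg = configparser.ConfigParser()
    cfg.read_string(pip_conf)
    glob = cfg["global"] if cfg.has_section("global") else {}
    extra = glob.get("extra-index-url")
    if extra:
        # extra-index-url is merged with the default index: pip picks the highest
        # version found on any of them, so a same-named package on PyPI can win.
        findings.append(f"pip.conf: extra-index-url {extra.strip()} merges a second index; "
                        "use index-url pointing at a single private mirror instead")
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            findings.append(f"requirements: '{line}' adds a second index for every name")
            continue
        if line.startswith("-"):
            continue  # other pip options are outside this check
        name = re.split(r"[<>=!~\s\[]", line, 1)[0]
        if "==" not in line:
            findings.append(f"requirements: {name} is not pinned to an exact version")
        if "--hash=" not in line:
            findings.append(f"requirements: {name} has no --hash, so a substituted "
                            "artifact of the same name and version would be accepted")
    return findings

# Constructed sample configurations (hypothetical internal host and values).
WEAK_PIP_CONF = "[global]\nextra-index-url = https://pypi.internal.example/simple\n"
HARDENED_PIP_CONF = "[global]\nindex-url = https://pypi.internal.example/simple\n"
WEAK_REQS = "--extra-index-url https://download.pytorch.org/whl/nightly/cpu\ntorchtriton\n"
PLACEHOLDER_HASH = "sha256:" + "0" * 64  # constructed, not a real digest
HARDENED_REQS = f"torchtriton==1.0.0 --hash={PLACEHOLDER_HASH}\n"  # version constructed

if __name__ == "__main__":
    for label, conf, reqs in (("weak", WEAK_PIP_CONF, WEAK_REQS),
                              ("hardened", HARDENED_PIP_CONF, HARDENED_REQS)):
        print(label, audit_pip_setup(conf, reqs))
```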
News URL: https://www.techrepublic.com/article/pytorch-ml-compromised/