Machine-Learning Python package compromised in supply chain attack (Security News, January 2023)
On Dec. 31, 2022, the PyTorch machine learning framework announced on its website that one of its packages had been compromised via the PyPI repository.
According to the PyTorch team, a malicious torchtriton dependency package was uploaded to the PyPI code repository on Friday, Dec. 30, 2022, at around 4:40 p.m. The malicious package had the same package name as the one shipped on the PyTorch nightly package index.
Henrik Plate, CISSP and security researcher at Endor Labs, told TechRepublic that "The technique used in the attack is similar to the well-known dependency confusion, and exploits setups where multiple package repositories are used for downloading project dependencies. Depending on the resolution algorithm of the package manager, such as the order in which repositories are contacted, an attacker can make the package manager download his malicious package rather than the legitimate one."
The PyTorch team wrote that the torchtriton dependency has been removed from the nightly packages and replaced by pytorch-triton, and that a dummy package was registered on PyPI, which will ensure the same issue does not happen again.
PyTorch also reached out to PyPI to obtain proper ownership of the torchtriton package and delete the malicious version.
When asked about it, Henrik Plate told TechRepublic that "This attack vector can be addressed through the use of private repositories to both host internal packages and mirror external packages, e.g., devpi in case of the Python ecosystem. Typically, such solutions allow more control over dependency resolution and package download processes. However, their setup and operation require non-negligible effort, and they are only effective if local developer clients are properly configured."
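The resolution behaviour Plate describes, and the two controls the article mentions (a single vetted repository, and verifying what was downloaded), as an added illustration that is not code from the article, PyTorch or pip. It models pip's documented rule that `--index-url` and `--extra-index-url` candidates form one pool in which the highest version wins; the package names, versions and digests are constructed.

```python
"""Model of multi-index package resolution and two mitigations.
All index contents, versions and digests below are constructed for
illustration; they are not the real torchtriton releases."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    name: str
    version: str
    index: str    # repository that offered this file
    sha256: str   # constructed placeholder digest


def _vkey(version: str) -> tuple:
    """Order plain dotted versions numerically (enough for this model)."""
    return tuple(int(part) for part in version.split("."))


# Constructed scenario: the legitimate build exists only on the project's own
# index, while a same-named package with a higher version sits on the public one.
INDEXES = {
    "nightly": [Candidate("torchtriton", "2.0.0", "nightly", "sha256-constructed-legit")],
    "pypi":    [Candidate("torchtriton", "3.0.0", "pypi", "sha256-constructed-other")],
}


def resolve_merged(name: str, indexes: dict):
    """pip with --extra-index-url: every index feeds one candidate pool and
    the highest version is chosen regardless of which repository served it."""
    pool = [c for cands in indexes.values() for c in cands if c.name == name]
    return max(pool, key=lambda c: _vkey(c.version), default=None)


def resolve_from_mirror(name: str, indexes: dict, allowed: str):
    """Private mirror / single --index-url: only the vetted repository is consulted,
    so a same-named upload elsewhere is never a candidate."""
    restricted = {k: v for k, v in indexes.items() if k == allowed}
    return resolve_merged(name, restricted)


def resolve_with_hash(name: str, indexes: dict, expected_sha256: str):
    """pip --require-hashes: the chosen artifact must match the pinned digest;
    a higher-versioned substitute from another index fails the check."""
    chosen = resolve_merged(name, indexes)
    if chosen is None or chosen.sha256 != expected_sha256:
        raise ValueError(f"{name}: downloaded artifact does not match the pinned hash")
    return chosen
```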
News URL
https://www.techrepublic.com/article/pytorch-ml-compromised/