PyTorch Framework compromised with dependency confusion attack
Reading Time: 3 Minutes
The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack.
“PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary,” the PyTorch team said in an alert over the weekend.
PyTorch, analogous to Keras and TensorFlow, is an open source Python-based machine learning framework that was originally developed by Meta Platforms.
The PyTorch team said that it became aware of the malicious dependency on December 30, 4:40 p.m. GMT. The supply chain attack entailed uploading the malware-laced copy of a legitimate dependency named torchtriton to the Python Package Index (PyPI) code repository.
See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course
Since package managers like pip check public code registries such as PyPI for a package before private registries, it allowed the fraudulent module to be installed on users’ systems as opposed to the actual version pulled from the third-party index.
The rogue version, for its part, is engineered to exfiltrate system information, including environment variables, the current working directory, and host name, in addition to accessing the following files –
- /etc/hosts
- /etc/passwd
- The first 1,000 files in $HOME/*
- $HOME/.gitconfig
- $HOME/.ssh/*
In a statement shared with Bleeping Computer, the owner of the domain to which the stolen data was transmitted claimed it was part of an ethical research exercise and that all the data has since been deleted.
As mitigations, torchtriton has been removed as a dependency and replaced with pytorch-triton. A dummy package has also been registered on PyPI as a placeholder to prevent further abuse.
“This is not the real torchtriton package but uploaded here to discover dependency confusion vulnerabilities,” reads a message on the PyPI page for torchtriton. “You can get the real torchtriton from https://download.pytorch[.]org/whl/nightly/torchtriton/.”
Trending: Offensive Security Tool: OrbitalDump
The development also comes as JFrog disclosed details of another package known as cookiezlog that has been observed utilizing anti-debugging techniques to resist analysis, marking the first time such mechanisms have been incorporated in PyPI malware.
Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?
If you want to express your idea in an article contact us here for a quote: [email protected]
Source: thehackernews.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
