Compromised PyTorch-Nightly

[upnorth]

Content source

https://pytorch.org/blog/compromised-nightly-dependency/

If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022).

$ pip3 uninstall -y torch torchvision torchaudio torchtriton
$ pip3 cache purge

PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices. NOTE: Users of the PyTorch stable packages are not affected by this issue.

The following command searches for the malicious binary in the torchtriton package (PYTHON_SITE_PACKAGES/triton/runtime/triton) and prints out whether your current Python environment is affected or not.

python3 -c "import pathlib;import importlib.util;s=importlib.util.find_spec('triton'); affected=any(x.name == 'triton' for x in (pathlib.Path(s.submodule_search_locations[0] if s is not None else '/' ) / 'runtime').glob('*'));print('You are {}affected'.format('' if affected else 'not '))"

The malicious binary is executed when the triton package is imported, which requires explicit code to do and is not PyTorch’s default behavior.

Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022. – PyTorch

pytorch.org

 

[Stopspying]

PyTorch discloses malicious dependency chain compromise over holidays

PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector.

www.bleepingcomputer.com

 

[plat]

Follow-up--but needs a little confirming?

Spoiler

 

[upnorth]

Follow-up--but needs a little confirming?

Fully agree on that part as vx-underground being weird again and confirm that someone, left an excuse?

The nasty part in this story is that personal data was confirmed stolen, and how can those be trusted deleted and not shared elsewhere? Because he says so!?

 

[upnorth]

Not everyone else thankfully buys this weird confirmation. Also, no reply when real genuine professionals ask!? Another bump for vx-underground, but that's their own fault. Personal I already stopped trust their tweets/shares.