A supply chain attack disrupts an open-source machine-learning framework.
PyTorch incident disclosed, assessed.
A threat actor carried out a supply chain attack against the open-source machine-learning framework PyTorch, BleepingComputer reports.
Supply chain attack through PyPI.
The attacker uploaded a package to the Python Package Index (PyPI) bearing the same name as one of PyTorch’s dependencies. PyTorch said in a statement that the malicious package was live between December 25th and December 30th:
“At around 4:40pm GMT on December 30 (Friday), we learned about a malicious dependency package (torchtriton) that was uploaded to the Python Package Index (PyPI) code repository with the same package name as the one we ship on the PyTorch nightly package index. Since the PyPI index takes precedence, this malicious package was being installed instead of the version from our official repository. This design enables somebody to register a package by the same name as one that exists in a third party index, and pip will install their version by default. This malicious package has the same name ‘torchtriton’ but added in code that uploads sensitive data from the machine.”
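The statement describes the mechanism exactly: a requirements file that combines the default PyPI index with `--extra-index-url` lets any name present on both indexes be served from PyPI. The following added example (written for this page, not code from PyTorch or BleepingComputer) parses such a requirements file, flags the names that exist on both indexes, and emits hash-pinned lines for pip’s `--require-hashes` mode, which rejects any artifact whose hash differs from the recorded one regardless of which index served it. The requirements text, index contents and hashes are constructed stand-ins; a real check would query the two indexes.

```python
import re

# Constructed sample in the shape of a PyTorch nightly install; versions are made up.
REQUIREMENTS = """\
--extra-index-url https://download.pytorch.org/whl/nightly/cpu
torch==2.0.0.dev20221230
torchtriton==2.0.0+nightly
numpy>=1.23
"""
# Constructed stand-ins for the two indexes. "torch" is also a legitimate PyPI
# project, so a collision is not proof of squatting, only that the private
# copy is not guaranteed to be the one pip picks.
PRIVATE_INDEX = {"torch", "torchtriton", "torchvision"}
PUBLIC_INDEX = {"torch", "torchtriton", "numpy"}  # torchtriton: squatted copy

def _norm(name):
    return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 name normalization

def parse_requirements(text):
    """Return (extra index URLs, {normalized name: '==version' pin or None})."""
    urls, reqs = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            urls.append(line.split(None, 1)[1])
        elif not line.startswith("-"):  # other pip options are out of scope here
            m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*\S+)?", line)
            if m:
                spec = m.group(2).replace(" ", "") if m.group(2) else None
                reqs[_norm(m.group(1))] = spec
    return urls, reqs

def shadowable(reqs, private_index, public_index):
    """Names expected from the extra index that also exist on PyPI. With
    --extra-index-url pip considers both indexes, so these can resolve to the
    public copy: the torchtriton failure mode."""
    return sorted(n for n in reqs if n in private_index and n in public_index)

def harden(reqs, known_hashes):
    """Emit lines for `pip install --require-hashes`. pip then refuses any
    artifact whose sha256 differs from the pinned one. Requirements without an
    exact pin (or without a known hash) cannot be hashed and are reported."""
    lines, unpinned = ["--require-hashes"], []
    for name, spec in sorted(reqs.items()):
        if spec is None or name not in known_hashes:
            unpinned.append(name)
            continue
        lines.append(f"{name}{spec} --hash=sha256:{known_hashes[name]}")
    return lines, unpinned
```

Note that pip aborts a `--require-hashes` install if any requirement lacks a hash, so the `unpinned` list must be empty before the emitted file is usable.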
Industry comment on the PyPI incident.
Javed Hasan, CEO of Lineaje, offered the following comments on the incident:
“PyTorch’s malicious dependency chain compromise over the holidays is the latest example of how frameworks built on ‘open source’ software need to be continuously analyzed for risks, as hidden risks could be lurking within. Luckily, PyTorch went public with the compromise; kudos to them. Will every open source supplier go public given they are not compelled to do so? We need modern Supply Chain tamper detection tools that help companies analyze the software supply chain and avoid deployment of unknown and malicious components hidden inside, protecting not only their reputation and company data – but their customers as well.”