Unknown attackers have compromised a package in the Python PyPI registry, injecting a malicious binary into it, the maintainers of the open source machine learning framework PyTorch are warning.
The compromised package is torchtriton, part of the Triton language and compiler, which is used for writing custom deep-learning primitives.
PyTorch maintainers said the compromised dependency affected the nightly release of their code, but not the stable packages.
The compromised torchtriton dependency would gather system information such as nameservers, the logged-in username, the working directory and operating system environment variables.
It would also read system files and files in the user's home directory, and upload the information to an attacker-controlled server via encrypted domain name system (DNS) queries.
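A defender-side heuristic for spotting this kind of DNS-based exfiltration in resolver logs, added here as an example that is not from the article or the PyTorch project; the log lines are constructed and "exfil.example" is a placeholder, since the article does not name the attacker's domain.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (client IP, queried name), not data from the
# incident. "exfil.example" is a placeholder for an attacker-controlled domain.
SAMPLE_LOG = """\
10.0.0.5 pypi.org
10.0.0.5 files.pythonhosted.org
10.0.0.7 mZ3kQ9vLpT2xWb7RfH4yNc8J.exfil.example
10.0.0.7 cdn.jsdelivr.net
10.0.0.7 Ab5nGd0qEu6sYi1oKw9zXl2M.exfil.example
10.0.0.7 tR8hVj3eCm7aPg5bLn0fDx4S.exfil.example
10.0.0.5 api.github.com
10.0.0.7 uW2cBk6iHp9dQe3lZr7vMt1F.exfil.example
"""

def shannon_entropy(label):
    """Bits per character of a DNS label; encoded or encrypted data scores high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_dns_exfil(log_text, min_queries=4, min_label_len=20, min_entropy=3.0):
    """Flag (client, domain) pairs whose leftmost labels look like chunked data.

    Heuristic: many distinct, long, high-entropy subdomain labels under one
    registered domain from one client. The last two labels are treated as the
    registered domain, a simplification that ignores the public-suffix list.
    """
    labels_by_pair = defaultdict(set)
    for line in log_text.splitlines():
        client, qname = line.split()
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain label that could carry data
        labels_by_pair[(client, ".".join(labels[-2:]))].add(labels[0])
    findings = []
    for (client, domain), labels in labels_by_pair.items():
        if len(labels) < min_queries:
            continue
        avg_len = sum(len(l) for l in labels) / len(labels)
        avg_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if avg_len >= min_label_len and avg_ent >= min_entropy:
            findings.append({"client": client, "domain": domain,
                             "queries": len(labels), "avg_entropy": round(avg_ent, 2)})
    return findings

if __name__ == "__main__":
    for finding in find_dns_exfil(SAMPLE_LOG):
        print(f"possible DNS exfiltration: {finding}")
```

Hex-encoded ASCII text scores lower than random-looking data (often under 3 bits per character), so tune the thresholds against a baseline of your own resolver traffic rather than using these defaults blindly.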
Users who installed PyTorch-nightly between December 26 and December 31 Australian time are advised to uninstall the torch, torchvision, torchaudio and torchtriton packages, and use newer binaries instead.
The torchtriton package has been replaced as a dependency for PyTorch with pytorch-triton, and a dummy binary registered on PyPI to avoid a repeat of the issue.
According to security vendor Snyk, the torchtriton package receives just over 2700 downloads a week on average, and is not considered a popular dependency.
PyTorch said it has contacted the PyPI security team to get ownership of torchtriton and to delete the malicious version.
The PyPI registry has suffered several supply-chain attacks involving malicious code injection over the past few years.