According to a report published by BleepingComputer, a hacker duped some users of the PyTorch machine-learning framework into installing malware.
PyTorch is popular open-source software used to create AI models. Programmers use it to build new neural networks, train them, and carry out related tasks. Meta Platforms Inc. first released PyTorch in 2016; today the Linux Foundation is in charge of its administration.
The PyTorch developers discovered a security problem. The breach targeted PyPI, the service that hosts third-party extensions to the PyTorch AI development tool, rather than the core PyTorch code. A malicious extension that a hacker published to PyPI is thought to have been downloaded more than 2,300 times.
Because the malicious package's file name resembled that of a real PyTorch extension, some users downloaded it unintentionally. To stop further downloads, the PyTorch developers renamed the authentic extension that the malicious package imitated.
This malicious package was installed in place of the version from the developers' official repository. Although it bears the same name as torchtriton, it contains code that uploads private information from the machine.
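To make that substitution concrete, the following is an added Python model (not code from PyTorch, pip, or the article) of how pip merges same-named candidates from several package indexes, shown beside the hardened per-index rule and a small audit helper; the trusted index URL, the version numbers and the "internal-helper" package are assumed sample values, not the real packages from the incident.

```python
"""Model of how pip picks among same-named candidates from several indexes.

Added illustration, not code from PyTorch, pip, or the article. The trusted
index URL, the versions and the "internal-helper" package are constructed
sample data, not the real packages involved in the incident.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    name: str
    version: tuple  # e.g. (2, 0, 0); stands in for real PEP 440 parsing
    index: str      # the index that served this candidate

TRUSTED_INDEX = "https://trusted-index.example/nightly"  # placeholder, assumed
PUBLIC_INDEX = "https://pypi.org/simple"

# Constructed sample: the trusted index carries the real packages, while the
# public index also carries a same-named "torchtriton" with a higher version.
INDEXES = {
    TRUSTED_INDEX: [Candidate("torchtriton", (2, 0, 0), TRUSTED_INDEX),
                    Candidate("internal-helper", (1, 4, 0), TRUSTED_INDEX)],
    PUBLIC_INDEX: [Candidate("torchtriton", (3, 0, 0), PUBLIC_INDEX)],
}

def resolve_like_pip(name, indexes):
    """Mimic `pip install --extra-index-url ...`: every index is a peer and the
    highest version wins, whichever index served it. That is how a public
    look-alike displaces the package from the developers' own repository."""
    found = [c for cands in indexes.values() for c in cands if c.name == name]
    return max(found, key=lambda c: c.version) if found else None

def resolve_pinned_to_index(name, indexes, allowed_index):
    """Hardened rule: consider only the index the package must come from (the
    effect of pointing `--index-url` solely at the trusted index, or of
    pinning the exact artifact with `--hash`)."""
    found = [c for c in indexes.get(allowed_index, []) if c.name == name]
    return max(found, key=lambda c: c.version) if found else None

def names_at_risk(indexes, trusted_index, public_index):
    """Audit helper: trusted-index names that also exist on the public index
    are the ones a same-named public package could displace."""
    trusted = {c.name for c in indexes.get(trusted_index, [])}
    public = {c.name for c in indexes.get(public_index, [])}
    return trusted & public

if __name__ == "__main__":
    print("pip-like:", resolve_like_pip("torchtriton", INDEXES))
    print("pinned:  ", resolve_pinned_to_index("torchtriton", INDEXES, TRUSTED_INDEX))
    print("at risk: ", names_at_risk(INDEXES, TRUSTED_INDEX, PUBLIC_INDEX))
```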
According to BleepingComputer, the malware is designed to steal SSH keys and passwords from the systems on which it is installed. Developers use SSH keys, strings of characters that work like passwords, to access the cloud environments their organizations run. According to reports, the malicious code can also access other kinds of data, such as technical details about developers' computers.
Some antivirus systems open newly downloaded files in a separate virtual machine before allowing them to execute on a user's device; running a file in isolation lets the antivirus determine more quickly whether it is potentially harmful. According to reports, the malicious extension discovered by PyTorch's developers contains a mechanism that can recognize when it is running inside a virtual machine and takes precautions to evade detection.
The breach's reach was constrained because it affected PyTorch-nightly, a version of the AI tool with new capabilities still in development and a small user base. In addition, the malicious file had to be installed separately; it was not downloaded automatically with PyTorch.
The PyTorch developers have published a removal guide for the malicious extension. Software teams can use the command-line instructions in the guide to find the extension and remove it.