Highlights

  • A malicious package aimed at users of the PyTorch machine learning framework was found on PyPI and is believed to have been downloaded more than 2,300 times.
  • The malware was designed to steal passwords and SSH keys from every computer on which it is installed.

A hacker has tricked a number of PyTorch machine learning framework users into downloading malware, as BleepingComputer reported on Sunday.

PyTorch is a popular open-source framework for developing artificial intelligence models. Developers use it to build and train neural networks and to perform related tasks. It was originally released by Meta Platforms Inc. in 2016 and is now governed by the Linux Foundation.

The developers of PyTorch identified a security breach last Friday. It did not affect the PyTorch code base itself; instead, it involved PyPI, the package index that hosts third-party extensions to the AI development tool. A hacker uploaded a malicious extension to PyPI, which appears to have been downloaded roughly 2,300 times.

The malicious package carried the same name as a legitimate PyTorch extension, which is why users installed it unintentionally. The developers later changed its name to prevent additional downloads.
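The substitution described above succeeds because pip resolves a package name across every index it is configured with and picks the best matching version wherever it is hosted. One mitigation is to pin each dependency to an exact version and hash and refuse anything else; the following is an added example (not PyTorch's own tooling, nor the command sequence the page refers to) that parses hash-pinned requirements lines and checks a downloaded wheel against them before installation. The package names, versions and file contents used with it are constructed.

```python
import hashlib
import re
from pathlib import Path

# "name==version --hash=sha256:<hex> [--hash=sha256:<hex> ...]"; continuation lines are joined first
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*(\S+)\s*(.*)$")
_HASH_RE = re.compile(r"--hash=sha256:([0-9a-fA-F]{64})")

def parse_pinned_requirements(text: str) -> dict:
    """Return {name: {"version": str, "sha256": set}} for every pinned line.

    Any line without an exact "==" pin raises, because a loose requirement is
    exactly what lets a same-name package from another index satisfy the resolver.
    """
    pins = {}
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        name, version, rest = m.groups()
        pins[name.lower().replace("_", "-")] = {"version": version,
                                               "sha256": {h.lower() for h in _HASH_RE.findall(rest)}}
    return pins

def verify_wheel(path: Path, pins: dict) -> tuple:
    """Check one downloaded wheel against the pins; returns (ok, reason).

    Name and version are taken from the wheel filename (name-version-...whl), so a
    package with the right name but a different version or different bytes is
    rejected regardless of which index served it.
    """
    parts = path.name.split("-")
    if not path.name.endswith(".whl") or len(parts) < 2:
        return False, "not a wheel filename"
    name, version = parts[0].lower().replace("_", "-"), parts[1]
    pin = pins.get(name)
    if pin is None:
        return False, f"{name} is not in the pinned requirements"
    if pin["version"] != version:
        return False, f"{name} version {version} != pinned {pin['version']}"
    if not pin["sha256"]:
        return False, f"{name} has no --hash pin; refuse to install"
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    if digest not in pin["sha256"]:
        return False, f"{name} sha256 mismatch ({digest[:12]}...)"
    return True, "ok"
```

With pip itself the equivalent is `pip install --require-hashes -r requirements.txt`, which rejects any file whose hash is not listed, and installing from a single `--index-url` rather than adding an `--extra-index-url` keeps the default index from competing for the same name.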

In a Dec. 31 blog post, the developers stated, “This malicious package was being installed instead of the version from our official repository. This malicious package has the same name torchtriton but added in code that uploads sensitive data from the machine.”

According to BleepingComputer, the malware is meant to steal passwords and SSH keys from the computers on which it is installed. Developers use SSH keys, strings of characters that function much like passwords, to access the cloud environments their organizations rely on. Beyond keys and passwords, the malicious file can also steal other types of data, such as technical information about developers’ computers.

Some antivirus programs open newly downloaded files in an isolated virtual machine before allowing them to run on the user’s device. By observing how a file behaves there, the antivirus determines whether it is malicious. According to the developers of PyTorch, the malicious extension has a mechanism that recognizes when it is being run in a virtual machine and takes action to evade detection.

The breach was limited in scope because it affected only PyTorch-nightly, a version of the AI tool with new features still in development and a smaller user base. The malicious file was not included by default in PyTorch downloads; it had to be installed separately.

PyTorch has published a new release with guidance on removing the malicious files. It includes a series of command-line instructions that software teams can run to detect and delete the extension.