March 26, 2023

PyTorch is one of the most popular and widely-used machine learning toolkits out there.

It was initially released as an open-source project by Meta and was handed over to the Linux Foundation in late 2022, which now runs it under the aegis of the PyTorch Foundation.

The project was compromised by means of a supply-chain attack during the holiday season at the end of 2022, between Christmas Day [2022-12-25] and the day before New Year’s Eve [2022-12-30].

PyTorch-nightly Linux packages installed via pip during that time pulled in a dependency, torchtriton, which was compromised on the PyPI code repository and ran a malicious binary.

To check whether the installed Python package is the malvertised one, the command below can be used:

python3 -c "import pathlib;import importlib.util;s=importlib.util.find_spec('triton'); affected=any(x.name == 'triton' for x in (pathlib.Path(s.submodule_search_locations[0] if s is not None else '/' ) / 'runtime').glob('*'));print('You are {}affected'.format('' if affected else 'not '))"

Mitigation steps taken

  • torchtriton has been removed as a dependency for nightly packages and replaced with pytorch-triton
  • All nightly packages that depend on torchtriton have been removed from package indices
  • Proper ownership of the torchtriton package on PyPI has been sought, along with deletion of the malicious version

IOC – 2385b29489cd9e35f92c072780f903ae2e517ed422eae67246ae50a5cc738a0e
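The check above can be extended to hash the suspicious file and compare it with the IOC. The script below is an added example, not part of the original post or of any PyTorch tooling; it looks for the same `runtime/triton` entry as the one-liner and assumes the IOC listed on this page is the SHA-256 digest of that file. The function names are hypothetical.

```python
import hashlib
import importlib.util
import pathlib

# IOC value copied from this page; assumed to be the SHA-256 of the malicious file.
IOC_SHA256 = "2385b29489cd9e35f92c072780f903ae2e517ed422eae67246ae50a5cc738a0e"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def check_triton_dir(package_dir, ioc=IOC_SHA256):
    """Report on <package_dir>/runtime/triton without importing or executing it."""
    candidate = pathlib.Path(package_dir) / "runtime" / "triton"
    result = {"path": str(candidate), "present": candidate.exists(),
              "sha256": None, "ioc_match": False}
    if candidate.is_file():
        result["sha256"] = sha256_file(candidate)
        result["ioc_match"] = result["sha256"] == ioc.lower()
    return result


def installed_triton_dirs():
    """Locate the installed 'triton' package via its import spec (no import is run)."""
    spec = importlib.util.find_spec("triton")
    if spec is None or not spec.submodule_search_locations:
        return []
    return list(spec.submodule_search_locations)


if __name__ == "__main__":
    dirs = installed_triton_dirs()
    if not dirs:
        print("triton package not found in this environment")
    for d in dirs:
        r = check_triton_dir(d)
        if r["ioc_match"]:
            print(f"AFFECTED (hash matches IOC): {r['path']}")
        elif r["present"]:
            print(f"SUSPICIOUS (entry present, sha256={r['sha256']}): {r['path']}")
        else:
            print(f"not affected: {r['path']} is absent")
```

Run it with the same interpreter or virtual environment that PyTorch-nightly was installed into, since the lookup only covers that environment's packages.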
