Malicious torchtriton Hijacks PyTorch: How a Supply‑Chain Attack Stole Linux Data

All users who installed the nightly PyTorch build on Linux between Dec 25‑30 2022 were urged to uninstall immediately.

The warning comes from an official PyTorch statement that a malicious dependency named "torchtriton" was uploaded to PyPI, mimicking the legitimate torchtriton library.

The malicious package contains code that exfiltrates IP addresses, current working directory, hostnames, usernames, and SSH keys, and includes a harmful Triton binary.

Because the package name matches the official one, PyPI’s priority rules caused the fake torchtriton to be installed by default, constituting a supply‑chain attack.

Users can check whether they are affected by searching for the malicious binary in the installed package directory (PYTHON_SITE_PACKAGES/triton/runtime/triton).

PyTorch responded by renaming the dependency to "pytorch‑triton" and publishing a virtual package on PyPI to block future hijacks, and they urged affected users to uninstall the compromised version and upgrade.

Investigations traced the data‑exfiltration domain to a newly registered domain, and the attacker claimed the activity was for "ethical research," though no official comment has been made by PyTorch.

Regarding SSH keys, Linux has certain vulnerabilities, while iOS and Android do not allow Python packages to steal them; the best mitigation is to apply the principle of least privilege and consider having the package audited.