PyTorch-nightly torchtriton dependency compromise

Type

Incident

Actors

❓Unknown

Pub. date

December 31, 2022

Initial access

Supply chain vector

Impact

Supply chain attackData exfiltration

Observed techniques

Package dependency confusion

References

https://pytorch.org/blog/compromised-nightly-dependency/https://www.wiz.io/blog/malicious-pytorch-dependency-torchtriton-on-pypi-everything-you-need-to-know

Status

Stub

Last edited

Oct 8, 2025 12:38 PM

PyTorch-nightly Linux packages installed via pip between December 25th and December 30th, 2022 ran a malicious binary. The malicious binary was introduced by a dependency, torchtriton, that was vulnerable to dependency confusion. The malicious payload gathered system information and files, and exfiltrated them via encrypted DNS queries to *.h4ck[.]cfd. The creator of the copied package has stated they had no malicious intent and have since deleted all the collected data.