Malicious PyPI Package 'torch-utils' Steals AWS Credentials and SSH Keys from AI Developers
Overview
A malicious typosquatted package named `torch-utils` was discovered on the Python Package Index (PyPI). The package targeted AI and Machine Learning developers by masquerading as a utility library for the popular PyTorch framework. The package contained a malicious payload embedded within its `setup.py` file, which is automatically executed upon installation via `pip install`. Once executed, the malware scanned the user's home directory for sensitive files, specifically targeting AWS credentials (`~/.aws/credentials`), SSH private keys (`~/.ssh/id_rsa`), and Kubernetes configuration files (`~/.kube/config`). Upon finding these files, the script would exfiltrate their contents to a remote, attacker-controlled server via a hardcoded HTTPS endpoint.

This type of supply chain attack is particularly effective against developers who may misspell a legitimate package name or install a dependency without proper vetting. The impact is severe, potentially leading to the compromise of cloud infrastructure, source code repositories, and production servers.

The package was active for several weeks and downloaded hundreds of times before being identified and removed by the PyPI security team following reports from the community.
Affected Systems
Testing Guide
1. Review your project's `requirements.txt`, `pyproject.toml`, or other dependency files for any suspicious or misspelled package names.
2. Run `pip list` in your virtual environment and manually inspect the packages for anything you don't recognize.
3. Execute a dependency scanner against your project: `pip-audit -r requirements.txt`.
4. Check build logs for unusual network activity during `pip install` steps, especially connections to unknown domains.
Mitigation Steps
1. **Pin Dependencies**: Use dependency management tools like `Poetry` or `pip-tools` to pin package versions and use cryptographic hashes to ensure integrity (`requirements.txt` with `--hash` flags).
2. **Audit Dependencies**: Regularly scan project dependencies for known vulnerabilities and malicious packages using tools like `pip-audit`, Snyk, or Trivy.
3. **Use Virtual Environments**: Always install packages within isolated virtual environments to limit the potential blast radius of a malicious package.
4. **Restrict Permissions**: Run development and CI/CD processes with the lowest possible privileges to prevent malicious installation scripts from accessing sensitive system-wide files.
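The following script is an added example, not code from the advisory or from PyPI, that mechanises step 1 of the Testing Guide (looking for misspelled or lookalike package names) together with step 1 of the Mitigation Steps (checking that every requirement is exactly pinned and carries a `--hash=sha256:` digest, the precondition for pip's `--require-hashes` mode). The approved-package list, the embedded `requirements.txt` content and the placeholder hash values are all constructed for the example; a real project would point it at its own approved list and its real requirements file. The lookalike check combines a small edit-distance test with a "known name plus a suffix" heuristic, which is what catches a name shaped like `torch-utils` that is not itself a typo of `torch`.

```python
import re
from typing import Dict, List, Set

# Approved dependency names. Constructed for this example; a real project
# would maintain its own list (or read it from a lock file).
KNOWN_PACKAGES: Set[str] = {"torch", "torchvision", "numpy", "requests", "boto3"}

# Constructed requirements.txt content so the example runs offline.
# The hash values are obvious placeholders, not real digests.
SAMPLE_REQUIREMENTS = """\
numpy==1.26.4 --hash=sha256:PLACEHOLDER_HASH_NUMPY
torch-utils==0.1.0
torch==2.2.0 \\
    --hash=sha256:PLACEHOLDER_HASH_TORCH_A \\
    --hash=sha256:PLACEHOLDER_HASH_TORCH_B
reqeusts>=2.31
# comment lines are skipped
"""

# A requirement line starts with a project name; option lines (-r, --index-url) do not.
_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def logical_lines(text: str) -> List[str]:
    """Join backslash-continued lines, drop blank lines and comments."""
    joined = text.replace("\\\n", " ")
    out: List[str] = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        out.append(line.split(" #", 1)[0].strip())
    return out


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to spot near-miss spellings of approved names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_requirements(text: str, known: Set[str]) -> Dict[str, List[str]]:
    """Return {normalised package name: [finding, ...]} for every requirement with a problem."""
    findings: Dict[str, List[str]] = {}
    for line in logical_lines(text):
        m = _NAME_RE.match(line)
        if not m:
            continue  # option line such as -r or --index-url
        name = normalize(m.group(1))
        issues: List[str] = []
        # Integrity checks: exact pin plus at least one sha256 digest.
        if "==" not in line:
            issues.append("not pinned with ==")
        if "--hash=sha256:" not in line:
            issues.append("no --hash=sha256 digest")
        # Lookalike checks against the approved list.
        if name not in known:
            issues.append("not in approved list")
            close = sorted(k for k in known if levenshtein(name, k) <= 2)
            if close:
                issues.append(f"possible typo of {close}")
            prefix = sorted(k for k in known if name.startswith(k + "-"))
            if prefix:
                issues.append(f"extends known name {prefix} (check for typosquat)")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for pkg, issues in audit_requirements(SAMPLE_REQUIREMENTS, KNOWN_PACKAGES).items():
        print(f"{pkg}: {'; '.join(issues)}")
```

Run against the constructed input, `numpy` and `torch` pass (pinned, hashed, approved), `reqeusts` is reported as unpinned, unhashed and a likely typo of `requests`, and `torch-utils` is reported as unhashed, unapproved and an extension of the known name `torch`. A CI job that fails on a non-empty result enforces the hash-pinning policy and forces a human review of any name outside the approved list before it is ever installed.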
Patch Details
The malicious package 'torch-utils' was removed from the PyPI registry upon discovery.