on december 25th, 2022, a "hacker" (if you even want to give them that much credit) uploaded a package to PyPI called "torchtriton". this package was basically just a copy of a package of the same name hosted on PyTorch's own package index, except it had a couple of basic credential stealers added as well.

frankly, the actual malware isn't that important. the important part is that this should never have happened. the vulnerability that was exploited here (that the PyPI index is always top priority) has been known about for over a year, with official PyPI developers simply saying that it was not a bug, and you should simply never use any of their repos if you want to be secure. isn't that a bit ridiculous?

in the short term, you get more information from the PyTorch blog, which has good info on how to find and remove the malware. i doubt this was a high-skill attack, likely just someone looking to get some keys they could use to leapfrog into some juicier data.

in the long term, it's hard to prevent these sorts of things. perhaps not using PyPI in production at all is a good idea, instead keeping every single package you need stored locally. it's a hassle, but a good security practice that would have prevented this. or maybe PyPI should implement security checks on their systems, instead of just repeatedly letting malware authors upload malicious packages with zero checks, seemingly only caring after the damage was already done. or maybe users should inspect all the code being downloaded and ran before installing things, especially when using a nightly build of a piece of software.

everyone can point fingers and say that someone should have done something better, because most of us were never involved in the first place. in the end, we're all people, and people tend to be stupid and make lots of mistakes.