Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

Posted by j12y 15 hours ago

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library(semgrep.dev)

375 points | 127 commentspage 3

fnoef 12 hours ago|

Looks like coding is in a downward spiral towards complete chaos

SupLockDef 11 hours ago|

When I was a kid, we've been told to be cautious with third party dependencies, that code can do anything and it's a risk to evaluate.

With the new generation of yolo NPM scripters, they simply don't evaluate the risks. They will even fight back telling you that it's the way of doing things.

In reality, it's the warning we learnt back then, that's the result of be mindlessly importing third dependencies without thinking.

In other words, the risks were always there, the new "modern way", let's put it that way, doesn't put the effort anymore.

andrekandre 4 hours ago||

  > that's the result of be mindlessly importing third dependencies without thinking

tbf, most tech-related corporate environments don't want you to think, just do (kpi, mbo, okr et al) and this is one of the results

sieve 12 hours ago||

I find this constant churn in the software world to be tiresome. I get it if there is a security update. Or you are building something new; it takes time and a series of updates to reach feature parity on 1.0. But most software is not like that. All these online registries make the problem worse. Any random tool installation pulls in 300 different dependencies.

This is why I have been building, for my own usecases, a new language + compiler + vm that is completely source based. The compiler does not understand linking. You must vendor every single dependency you use, including the standard library, so that it makes its way into the bytecode. The register VM itself is a few thousand lines of freestanding C. Any competent programmer can audit it over a weekend.

v1 deliberately keeps FFI (outside of a bounded set of linux syscalls) outside the current spec as libc has the habit of infecting everything it touches and I want to keep Vm0 freestanding. The last time I compiled the VM, it produced a 70KB binary and supported a loader with structural verification, the entire instruction set using a threaded interpreter, a simple Cheney+MS GC, concurrency via an Erlang-style M:N scheduler working on a single thread, and 20-odd marshaled functions.

Most software in the world does not need anything more than this. Everyone acts as if they are building the next Google.

ashishb 11 hours ago||

Always run third party code inside a sandbox

rvz 14 hours ago||

Shai-Hulud strikes again and continues to turn innocent packages into zombies.

Think twice before looking at a package and most importantly, always pin your dependencies.

pixel_popping 13 hours ago|

Yeah, pin the malware :p

rvz 12 hours ago||

Nope. Those on pinned versions don't get the malware.

You would have to publish the infected package first to infect others who haven't pinned their dependencies. With a simple pip install -U, and if the dependency is not pinned, then they will get the vulnerable version.

lysace 11 hours ago||

Is there some string to recursively grep for to know if you have been infected?

andymcsherry 9 hours ago|

Andy from Lightning here. The malicious file that gets installed has this signature:

  router_runtime.js

  SHA256 5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1
  SHA1 f1b3e7b3eec3294c4d6b5f87854a52471f03997f
  MD5 40d0f21b64ec8fb3a7a1959897252e09

lysace 8 hours ago||

Thanks!

0xbadcafebee 14 hours ago||

something something Safety Requires A Building Code something thing

csvance 13 hours ago|

Shai-Hulud dug my 100 ft trench. Should be OSHA compliant right?

silverwind 11 hours ago||

Maybe now people can stop blaming npm and realize none of these unreviewed package ecosystem are safe.

doublerabbit 8 hours ago||

Am I the only one who thought that by using github links for an dependency source is not a wise thing to do?

Do folk not understand that by doing so, you're enabling modules to maliciously write themselves in to your code?

Dorrell 1 hour ago|

[dead]

More comments...