An unknown attacker slipped a malicious binary into the PyTorch machine learning project by registering a malicious project with the Python Package Index (PyPI), infecting users’ machines if they downloaded a nightly build between Dec. 25 and Dec. 30.

The PyTorch Foundation stated in an advisory on Dec. 31 that the effort was a dependency confusion attack, in which an unknown entity created a package in the Python Package Index with the same name, torchtriton, as a code library on which the PyTorch project depends. The malicious library included the functions normally used by PyTorch but with a malicious modification: It would upload data from the victim’s system to a server at a now-defunct domain.