Supply Chain Attack / Cryptocurrency
The popular Python-based artificial intelligence (AI) library Ultralytics has fallen victim to yet another alarming software supply chain attack. Two versions of the library—8.3.41 and 8.3.42—were compromised to deliver a hidden cryptocurrency miner.
The affected versions have since been removed from the Python Package Index (PyPI) repository. A newer version has been released, incorporating a critical security fix to ensure a secure publication workflow for the Ultralytics package.
What Happened?
Glenn Jocher, the project maintainer, confirmed via GitHub that the attack involved malicious code injected during the PyPI deployment workflow. The breach came to light after users reported unusual spikes in CPU usage, a common indicator of cryptocurrency mining.
Notably, the attack exploited vulnerabilities in the build environment, allowing attackers to modify the package after the code review process. This resulted in discrepancies between the code hosted on GitHub and what was published to PyPI.
How Did They Do It?
According to ReversingLabs' Karlo Zanki, the attackers used a sophisticated method:
- Exploiting GitHub Actions Script Injection: A flaw in the ultralytics/actions workflow was exploited, as identified by security researcher Adnan Khan in August 2024.
- Malicious Pull Requests: Attackers submitted pull requests from a GitHub account named openimbot, which falsely claimed affiliation with the OpenIM SDK.
This allowed the injection of malicious payloads targeting macOS and Linux systems.
Impact on Dependencies
Projects like ComfyUI, which rely on Ultralytics as a dependency, were directly affected. ComfyUI has since updated its package manager to warn users if they are using the compromised versions.
What Was the Payload?
The malicious code deployed an XMRig cryptocurrency miner, used to mine Monero. While this attack focused on mining, experts warn of the potential for far more severe threats, such as:
- Backdoors
- Remote Access Trojans (RATs)
How to Stay Safe?
Users of the Ultralytics library are strongly advised to:
- Update to the Latest Version: Install the fixed version immediately.
- Monitor Dependencies: Use tools to verify the integrity of dependencies in your projects.
- Be Vigilant: Watch for unusual system behavior like increased CPU usage.
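One way to act on the "Monitor Dependencies" advice, as an added example that is not code from Ultralytics, ComfyUI or the original article: a standard-library Python check that flags the two compromised releases named above (8.3.41 and 8.3.42) in a requirements file and in the current environment. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

# Compromised versions as named in the article; every other name is illustrative.
COMPROMISED = {"ultralytics": {"8.3.41", "8.3.42"}}
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")

# Constructed sample requirements file, not taken from a real project.
SAMPLE = '''numpy==1.26.4
Ultralytics == 8.3.41   # compromised pin
ultralytics[export]>=8.3.0 ; python_version >= "3.9"
ultralytics==8.3.40 --hash=sha256:PLACEHOLDER
'''

def normalize(name):
    """PEP 503 normalization so 'Ultralytics' matches 'ultralytics'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_no, package, finding) for each risky requirement line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop comments, environment markers, hash options and continuations.
        line = raw.split("#", 1)[0].split(";", 1)[0].split("--hash", 1)[0]
        m = _REQ.match(line.rstrip("\\ ").strip())
        if not m or normalize(m.group(1)) not in COMPROMISED:
            continue
        name, spec = normalize(m.group(1)), m.group(2).replace(" ", "")
        pin = re.fullmatch(r"===?([^*,]+)", spec)  # exact pin, no wildcard
        if pin is None:
            findings.append((no, name, "not pinned; check the installed version"))
        elif pin.group(1) in COMPROMISED[name]:
            findings.append((no, name, "pinned to compromised " + pin.group(1)))
    return findings

def check_installed(version_of=metadata.version):
    """Return (package, version) for compromised releases in this environment."""
    hits = []
    for name, bad in COMPROMISED.items():
        try:
            version = version_of(name)
        except metadata.PackageNotFoundError:
            continue
        if version in bad:
            hits.append((name, version))
    return hits

if __name__ == "__main__":
    print(scan_requirements(SAMPLE), check_installed())
```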
Final Thoughts
This incident highlights the growing risks associated with supply chain attacks in software development. Organizations must prioritize implementing secure workflows and continuously auditing dependencies to minimize vulnerabilities.