Ultralytics AI Library Compromised by Cryptocurrency Miner
2024-12-08
Got you some real good FUD: learn about the dangers of supply chain attacks.
In a recent software supply chain attack, two versions of the popular Ultralytics AI library on PyPI were compromised to include a cryptocurrency miner. This was achieved through a malicious code injection in the build environment using a GitHub Actions Script Injection, allowing unauthorized modifications post-code review. The affected versions, 8.3.41 and 8.3.42, have been removed, and a security fix has been implemented. Users are advised to update to the latest version to ensure security.
Supply Chain, Open Source, Git/Repo Breach, Malware
Ultralytics, PyPI, cryptocurrency miner, supply chain attack, GitHub Actions, open source security
N/A
Ultralytics AI library, PyPI, GitHub, ComfyUI
In a recent software supply chain incident, two versions of the widely used Ultralytics AI library were compromised. This breach involved the introduction of a cryptocurrency miner into versions 8.3.41 and 8.3.42 of the library available on the Python Package Index (PyPI). These compromised versions have since been removed.

The attack involved a sophisticated method where malicious actors exploited a vulnerability in the build environment. Specifically, they used a GitHub Actions Script Injection to insert unauthorized code. This allowed them to modify the package after the code review process, leading to a discrepancy between the source code on GitHub and what was published on PyPI.

Users of the affected library versions noticed a significant increase in CPU usage, a common sign of cryptocurrency mining activity. This triggered further investigation, which revealed the malicious code injection.

The attackers managed to execute this breach by crafting a malicious pull request. This was facilitated by a GitHub account named openimbot, which claimed to be associated with the OpenIM SDK. The attack targeted macOS and Linux systems, enabling the retrieval and execution of the payload.

Following the discovery of the compromise, the affected versions were promptly removed from PyPI. A new version was released, incorporating a security fix to ensure a more secure publication workflow. Users of the Ultralytics library are advised to update to the latest version to avoid potential security risks. Additionally, ComfyUI, a project dependent on Ultralytics, has updated its manager to alert users if they are running any of the compromised versions.
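The build-environment weakness the article names, a GitHub Actions script injection, arises when contributor-controlled event fields (a pull request title, a branch name, an issue body) are interpolated with `${{ }}` directly into a `run:` step, so the text becomes part of the shell script before it executes. As an added example that is not part of the original article and not the Ultralytics project's own workflow, the script below scans workflow YAML for that pattern and leaves the safe form (value passed through `env:` and read as a quoted shell variable) unflagged. The list of untrusted fields and the sample workflow are constructed for illustration and are not exhaustive.

```python
import re
from typing import List, Tuple

# Event-payload fields an outside contributor controls. Interpolating them with
# ${{ }} inside a `run:` step substitutes their text into the shell script.
# Illustrative list, constructed for this example; not exhaustive.
UNTRUSTED_FIELDS = (
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.review_comment.body",
    "github.event.head_commit.message",
    "github.head_ref",
)

EXPRESSION = re.compile(r"\$\{\{(.*?)\}\}")                 # one ${{ ... }} expression
RUN_KEY = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")       # `run:` or `- run:` key


def find_run_injections(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, field) for every untrusted field that is expanded
    inside a `run:` step. Fields that only appear under `env:` are not flagged,
    because an environment variable does not get re-parsed by the shell."""
    findings: List[Tuple[int, str]] = []
    in_run = False
    key_indent = -1
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        m = RUN_KEY.match(line)
        if m:
            in_run = True
            # column of the `run` key itself (past a leading "- " if present)
            key_indent = len(line) - len(line.lstrip(" -"))
            body = m.group(2)
        elif in_run and indent > key_indent:
            body = line                      # continuation of a block scalar (run: |)
        else:
            in_run = False                   # left the run step
            continue
        for expr in EXPRESSION.finditer(body):
            inner = expr.group(1)
            for field in UNTRUSTED_FIELDS:
                if field in inner:
                    findings.append((lineno, field))
    return findings


# Constructed sample workflow (not any real project's file). The first step
# interpolates the PR title straight into the shell; the second passes it
# through an environment variable and quotes it, which is the fixed form.
SAMPLE_WORKFLOW = """\
name: pr-check
on: pull_request_target
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe
        run: |
          echo "Checking PR: ${{ github.event.pull_request.title }}"
      - name: safe
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking PR: $PR_TITLE"
"""

if __name__ == "__main__":
    for lineno, field in find_run_injections(SAMPLE_WORKFLOW):
        print(f"line {lineno}: untrusted field {field} expanded inside run:")
```

The scanner is deliberately line-based rather than a full YAML parse, so it also works on workflow fragments pasted from a review; the trade-off is that it only understands `run:` keys and their indented continuation lines.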
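The ComfyUI manager response, warning users who are running one of the pulled releases, can be reproduced for any environment that depends on the library. The following is an added example, not ComfyUI's or Ultralytics' own code: it checks the installed `ultralytics` distribution against the two versions named in the article and scans requirement lines for specifiers that still admit 8.3.41 or 8.3.42, including version ranges rather than only exact pins. The sample requirements file is constructed; only plain dotted numeric versions are handled.

```python
import re
from importlib import metadata
from typing import Iterable, List, Optional, Tuple

PACKAGE = "ultralytics"
COMPROMISED = ("8.3.41", "8.3.42")   # the two pulled releases named in the article

_NUMERIC = re.compile(r"\d+(?:\.\d+)*")
_SPEC = re.compile(r"\s*(==|!=|>=|<=|>|<)\s*(\d+(?:\.\d+)*)\s*")
# name, optional [extras], specifier set, optional trailing comment
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*?)\s*(#.*)?$")


def _v(version: str) -> Tuple[int, ...]:
    """Numeric prefix of a version string as a comparable tuple: '8.3.41' -> (8, 3, 41)."""
    m = _NUMERIC.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def satisfies(version: str, specifiers: str) -> bool:
    """True when `version` is admitted by a comma-separated specifier set
    such as '>=8.3.40,<8.4'. Supports ==, !=, >=, <=, >, < only."""
    v = _v(version)
    for clause in specifiers.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _SPEC.fullmatch(clause)
        if not m:
            raise ValueError(f"unsupported specifier: {clause!r}")
        op, rhs = m.group(1), _v(m.group(2))
        ok = {"==": v == rhs, "!=": v != rhs, ">=": v >= rhs,
              "<=": v <= rhs, ">": v > rhs, "<": v < rhs}[op]
        if not ok:
            return False
    return True


def risky_requirements(lines: Iterable[str], package: str = PACKAGE,
                       bad_versions: Tuple[str, ...] = COMPROMISED) -> List[str]:
    """Requirement lines for `package` whose specifier admits a compromised
    version. Unpinned lines are skipped: they resolve to the current release."""
    hits: List[str] = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _REQ.match(line)
        if not m or m.group(1).lower() != package:
            continue
        spec = m.group(3)
        if spec and any(satisfies(bad, spec) for bad in bad_versions):
            hits.append(line.strip())
    return hits


def installed_version(package: str = PACKAGE) -> Optional[str]:
    """Version of an installed distribution, or None if it is not installed."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


def installed_is_compromised(package: str = PACKAGE,
                             bad_versions: Tuple[str, ...] = COMPROMISED) -> bool:
    """True when the installed copy of `package` is one of the pulled releases."""
    return installed_version(package) in bad_versions


# Constructed sample requirements file, not a real project's.
SAMPLE_REQUIREMENTS = """\
# constructed sample
numpy>=1.26
ultralytics==8.3.41          # exact pin on a pulled release
ultralytics>=8.3.40,<8.4     # range that still admits 8.3.41 and 8.3.42
ultralytics==8.3.40          # exact pin on an unaffected release
ultralytics[export]>=8.3.43  # floor above the pulled releases
"""

if __name__ == "__main__":
    for hit in risky_requirements(SAMPLE_REQUIREMENTS.splitlines()):
        print("requirement admits a compromised version:", hit)
    print("installed copy compromised:", installed_is_compromised())
```

Flagging ranges as well as exact pins matters because a lock-free `>=8.3.40,<8.4` requirement installed while the bad releases were on PyPI would have picked one of them up; the `!=` operator lets a project exclude them explicitly.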
https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html?m=1