Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.
The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package."
The project maintainer, Glenn Jocher, confirmed on GitHub that the two versions were infected by malicious code injection in the PyPI deployment workflow after reports emerged that installing the library led to a drastic spike in CPU usage, a telltale sign of cryptocurrency mining.
The most notable aspect of the attack is that bad actors managed to compromise the build environment related to the project to insert unauthorized modifications after the completion of the code review step, thus leading to a discrepancy in the source code published to PyPI and the GitHub repository itself.
"In this case intrusion into the build environment was achieved by a more sophisticated vector, by exploiting a known GitHub Actions Script Injection," ReversingLabs' Karlo Zanki said, adding the issue in "ultralytics/actions" was flagged by security researcher Adnan Khan, according to an advisory released in August 2024.
This could allow a threat actor to craft a malicious pull request and to enable the retrieval and execution of a payload on macOS and Linux systems. In this instance, the pull requests originated from a GitHub account named openimbot, which claims to be associated with the OpenIM SDK.
ComfyUI, which has Ultralytics as one of its dependencies, said it has updated ComfyUI manager to warn users if they are running one of the malicious versions. Users of the library are advised to update to the latest version.
"It seems that the malicious payload served was simply an XMRig miner, and that the malicious functionality was aimed at cryptocurrency mining," Zanki said. "But it is not hard to imagine what the potential impact and the damage could be if threat actors decided to plant more aggressive malware like backdoors or remote access trojans (RATs)."
Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data
Anna Jaques Hospital ransomware breach exposed data of 300K patients
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session
CWE-1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels
CWE-1042 Static Member Data Element outside of a Singleton Class Element
CWE-1049 Excessive Data Query Operations in a Large Data Table
CWE-565 Reliance on Cookies without Validation and Integrity Checking
LowCWE-379 Creation of Temporary File in Directory with Insecure Permissions
Free online web security scanner