Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.

The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package."

The project maintainer, Glenn Jocher, confirmed on GitHub that the two versions were infected by malicious code injection in the PyPI deployment workflow after reports emerged that installing the library led to a drastic spike in CPU usage, a telltale sign of cryptocurrency mining.

The most notable aspect of the attack is that bad actors managed to compromise the build environment related to the project to insert unauthorized modifications after the completion of the code review step, thus leading to a discrepancy in the source code published to PyPI and the GitHub repository itself.

"In this case intrusion into the build environment was achieved by a more sophisticated vector, by exploiting a known GitHub Actions Script Injection," ReversingLabs' Karlo Zanki said, adding the issue in "ultralytics/actions" was flagged by security researcher Adnan Khan, according to an advisory released in August 2024.

This could allow a threat actor to craft a malicious pull request and to enable the retrieval and execution of a payload on macOS and Linux systems. In this instance, the pull requests originated from a GitHub account named openimbot, which claims to be associated with the OpenIM SDK.

ComfyUI, which has Ultralytics as one of its dependencies, said it has updated ComfyUI manager to warn users if they are running one of the malicious versions. Users of the library are advised to update to the latest version.

"It seems that the malicious payload served was simply an XMRig miner, and that the malicious functionality was aimed at cryptocurrency mining," Zanki said. "But it is not hard to imagine what the potential impact and the damage could be if threat actors decided to plant more aggressive malware like backdoors or remote access trojans (RATs)."