Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)
Ultralytics is a software development company specializing in computer vision and artificial intelligence (AI), specifically in object detection and image processing.
It's best known for its "YOLO" (You Only Look Once) advanced object detection model, which can quickly and accurately detect and identify objects in video streams in real time.
Ultralytics tools are open-source and are used by numerous projects spanning a wide range of industries and applications.
The library has been starred 33,600 times and forked 6,500 times on GitHub, and it has had over 260,000 over the past 24 hours from PyPI alone.
Ultralytics YOLO11 compromised
Yesterday, Ultralytics 8.3.41 and 8.3.42 were released to PyPi, and users who installed the compromised versions directly or as a dependency discovered that a cryptominer was deployed. For Google Colab accounts, owners got flagged and banned due to "abusive activity."
Ultralytics is a dependency of both SwarmUI and ComfyUI, who both confirmed that fresh installs of their libraries would have led to the installation of the miner.
When installed, the compromised library installs and launches an XMRig Miner at '/tmp/ultralytics_runner' to connect to a minin pool at "connect.consrensys[.]com:8080".
Ultralytics founder and CEO Glenn Jocher confirmed that the issue only impacts those two compromised versions, which have already been pulled and replaced with a clean 8.3.43 version.
"We confirm that Ultralytics versions 8.3.41 and 8.3.42 were compromised by a malicious code injection targeting cryptocurrency mining. Both versions have been immediately removed from PyPI," Jocher posted to GitHub.
"We have released 8.3.43 which addresses this security issue. Our team is conducting a full security audit and implementing additional safeguards to prevent similar incidents."
The developers are currently investigating the root cause, and potential vulnerabilities in the Ultralytics build environment to determine how it was breached.
However, Jocher commented that the compromise appears to originate from two malicious PRs [1, 2]with code injection in the branch names submitted by a user in Hong Kong.
Whether the malicious code solely performed crypto mining or compromised private user data remains unclear, and the community is still awaiting a formal advisory regarding the breach that will provide clarifications on all details.
Out of an abundance of caution, those who downloaded a malicious version of Ultralytics should perform a full system scan.
BleepingComputer has contacted Ultralytics to comment on the situation and learn more about how the supply chain compromise was achieved, but we are still awaiting a response.
Microsoft expands Recall preview to Intel and AMD Copilot+ PCs
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CWE-536 Servlet Runtime Error Message Containing Sensitive Information
CWE-1420 Exposure of Sensitive Information during Transient Execution
MediumCWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User
CWE-217 DEPRECATED: Failure to Protect Stored Data from Modification
CWE-794 Incomplete Filtering of Multiple Instances of Special Elements
Free online web security scanner
