A compromised version of the popular ultralytics AI library has recently been discovered to contain a cryptocurrency mining payload. The issue was identified by researchers at ReversingLabs, who found that the library’s build environment had been breached, allowing attackers to inject malicious code.
The compromised version, 8.3.41, was released on the Python Package Index (PyPI) on December 4. This version included code that downloaded the XMRig coin miner onto users’ systems. The attackers were able to bypass code reviews by exploiting a known GitHub Actions script injection vulnerability.
Unlike a recent incident involving the compromise of the npm package @solana/web3.js, which was caused by a breach of maintainer accounts, the ultralytics compromise was the result of a more sophisticated vector. The attackers embedded malicious payloads in branch names, which enabled them to execute arbitrary code.
The compromised version of ultralytics had the potential to affect a large number of users, as the library has over 30,000 stars on GitHub and nearly 60 million downloads on PyPI. A subsequent release, version 8.3.42, was also found to contain the same malicious code. It wasn’t until version 8.3.43 was released later that day that a clean version of the library was made available.
While the primary payload in the compromised code was a cryptocurrency miner, researchers noted that the same vector could have been used to distribute more harmful malware, such as backdoors or remote access Trojans. The malicious code specifically targeted the downloads.py and model.py files, with tailored functionality to assess system configurations and deliver platform-specific payloads.
The attackers responsible for the compromise were linked to a GitHub account named openimbot, which exhibited suspicious activity indicating a possible account takeover. Their method involved inserting payload code into branch names, allowing them to establish backdoor access to the environment through carefully crafted pull requests.
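A defender's check for the script injection pattern described above, as an added example that is not code from the article, ReversingLabs or the ultralytics project. It flags GitHub Actions workflow steps that expand pull-request-controlled values such as the branch name directly into a `run:` script. The function name and both workflow samples are constructed for illustration, since the article does not show the affected workflow.

```python
import re

# Contexts set by whoever opens the pull request; github.head_ref is the branch name.
UNTRUSTED = re.compile(r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request"
                       r"\.(?:head\.ref|title|body))\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:(.*)$")

def find_injectable_runs(workflow_text):
    """Return [(line_no, context)] for untrusted expressions expanded into run: scripts."""
    findings, run_col = [], None  # run_col: column of the active run: key
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines do not end a multi-line script
        key = RUN_KEY.match(line)
        if key:
            run_col, script = len(key.group(1)), key.group(2)
        elif run_col is not None and len(line) - len(line.lstrip()) > run_col:
            script = line  # continuation of a multi-line run: script
        else:
            run_col = None  # left the run: block (env:, with:, next step)
            continue
        findings += [(no, m.group(1)) for m in UNTRUSTED.finditer(script)]
    return findings

# Constructed (weak): the expression is pasted into the script text before the shell runs.
VULNERABLE = """\
on: pull_request_target
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "Formatting ${{ github.head_ref }}"
          echo "Title: ${{ github.event.pull_request.title }}"
"""

# Constructed (corrected): values arrive as env vars and are read only as quoted data.
HARDENED = """\
on: pull_request_target
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - env:
          HEAD_REF: ${{ github.head_ref }}
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Formatting $HEAD_REF / $PR_TITLE"
"""
```

The scan is line-based and covers only the contexts listed in `UNTRUSTED`, so treat a clean result as a first pass rather than proof that a workflow is safe.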
This incident highlights the importance of software supply chain security and the need for developers to remain vigilant against potential vulnerabilities and attacks. By staying informed about the latest security threats and implementing best practices for code review and repository management, developers can help safeguard their projects and protect their users from malicious actors.