Popular Python AI library Ultralytics compromised with a crypto miner

In partnership with

I am getting sick and tired of Python Package Index (PyPI) being used as a malware pipeline. In the latest supply-chain violation, the popular AI/computer vision library Ultralytics, known for its YOLO (You Only Look Once) object detection model, fell victim to a sophisticated supply-chain attack.

Ultralytics, for those of you who don't know the library, is used in all kinds of applications. These range from the obvious—finding objects in a video stream, satellite surveillance, and autonomous driving—to the obscure—crop and livestock monitoring and wildlife surveying. So, it's no surprise that when there's a new release, the library has had over 260,000 downloads from PyPI in a single 24-hour period.

Thus, it was bad news with a capital B when the software supply chain security company ReversingLabs found malicious attackers had compromised its build environment. The result? The new version 8.3.41 contained malicious code that, once installed, would deploy a cryptocurrency miner.

The good news was that the project maintainers caught it and immediately released a patched version, 8.3.42. The bad news was that they hadn't caught the real problem. So, the "fixed" edition came with the same trojan hidden inside. At least this time, they quickly realized they hadn't really fixed the problem. So, on the same day, the maintainers released a clean version, 8.3.43. 

This happened because the attackers had exploited a known vulnerability in GitHub Actions that enabled the attacker to inject malicious code during the automated build process. This clever maneuver bypassed the usual code review safeguards, as the malicious code was only present in the package pushed to PyPI, not in the GitHub repository itself.

The impact was immediate and widespread. Users who installed the compromised versions experienced sudden spikes in CPU usage, a telltale sign of cryptocurrency mining activity. The Ultralytics team, led by founder and CEO Glenn Jocher, quickly sprang into action upon receiving reports of the suspicious behavior.

This incident sent shockwaves through Ultralytics's community. It also highlighted the potential for software supply chains to be abused and served as a stark reminder of the potential for seemingly trustworthy packages to be weaponized, potentially affecting millions of users and systems worldwide.

The Ultralytics compromise underscored the need for enhanced security measures in package distribution and the importance of vigilance in the open-source ecosystem. It's yet another cautionary tale that we can't just trust our dependencies, no matter how reliable they've been in the past. Instead, we must verify every last lousy update before pushing any outside code into production. 

I wish it weren't that way, but it is what it is. 

Other noteworthy Linux and open-source stories:

• The next LTS Linux kernel is no surprise but it is packed with goodies

• Jim Zemlin, 'head janitor of open source,' marks 20 years at Linux Foundation

• Nearly half of Gen AI adopters want it open source - here's why

Securing top talent with our guide is a click away

• Finding and attracting global talent

• Processing international payroll on time

• Staying compliant with employment & tax laws abroad

Get the Guide