Ultralytics AI Library Hit by Supply Chain Attack: 60 Million Downloads Compromised
Cybersecurity researchers at ReversingLabs have detailed a supply chain attack on the popular AI library, Ultralytics, which has over 60 million downloads on PyPI. The attack, disclosed on December 4, involved a malicious version (8.3.41) of the library that was rigged to deploy the XMRig cryptocurrency miner. This compromise was orchestrated through a sophisticated exploit targeting GitHub Actions scripts.
According to the report, the attackers exploited a known GitHub Actions Script Injection vulnerability, enabling them to achieve arbitrary code execution within the build environment of Ultralytics. “Malicious actors managed to compromise the build environment related to the mentioned project and injected the malicious code after the code review part of the process was finished,” ReversingLabs detailed.
The attackers used a GitHub user account, openimbot, to create malicious pull requests, embedding payload code in branch names. This triggered backdoor access to the compromised environment, leading to the injection of downloader code for the XMRig coinminer.
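A defensive check for the script-injection pattern described above, added here as an illustrative example (not code from Ultralytics or ReversingLabs): it flags workflow `run:` scripts that expand pull-request-controlled expressions, such as the branch name, directly into shell text. The `find_injections` name and both sample workflows are constructed for this example, and the scanner also covers the PR title and body, which the article does not mention.

```python
import re

# Expression contexts whose value is set by whoever opens the pull request.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref"
    r"|github\.event\.pull_request\.(?:head\.ref|head\.label|title|body))\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_no, context) for untrusted expressions expanded inside run: scripts."""
    findings, run_col = [], None  # run_col: column of the active run: key, if any
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        indent = len(line) - len(line.lstrip())
        key = RUN_KEY.match(line)
        if key:
            run_col, script = line.index("run:"), key.group(1)
        elif run_col is not None and (not line.strip() or indent > run_col):
            script = line  # still inside the multi-line script body
        else:
            run_col = None  # a sibling key such as env: ends the script
            continue
        findings += [(line_no, m.group(1)) for m in UNTRUSTED.finditer(script)]
    return findings

# Constructed sample: the branch name is pasted into the shell script text.
VULNERABLE = """\
steps:
  - name: Check out PR branch
    run: |
      git fetch origin "${{ github.head_ref }}"
      echo "fetched"
"""

# Constructed sample: the value reaches the shell only as a quoted variable.
HARDENED = """\
steps:
  - name: Check out PR branch
    env:
      HEAD_REF: ${{ github.head_ref }}
    run: |
      git fetch origin "$HEAD_REF"
"""

if __name__ == "__main__":
    print(find_injections(VULNERABLE))
    print(find_injections(HARDENED))
```

The scanner is line-based and does not parse YAML, so treat a clean result as a first pass over `.github/workflows/` files rather than proof that a workflow is safe.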
One of the most alarming aspects of this incident was the mishandling of the mitigation process. Version 8.3.42, released as a “safe” update on December 5, inadvertently contained the same malicious code as version 8.3.41. It wasn’t until later that day that version 8.3.43 was released, resolving the issue.
The malware, embedded in key files like downloads.py and model.py, demonstrated platform-specific behaviors to adapt payload delivery based on the target system. “The code designed to download platform-specific payload is visible,” the report noted.
Behavioral analysis also revealed filesystem-related changes and a payload designed to mine cryptocurrency using the victim’s computational resources. While the impact in this instance was limited to crypto mining, experts warned of the potential for deploying more destructive malware, such as backdoors or remote-access trojans.