In another instance of a software supply chain attack, it has been revealed that two versions of the popular Python artificial intelligence (AI) library called ultralytics were compromised to distribute a cryptocurrency miner.
The affected versions, 8.3.41 and 8.3.42, have already been removed from the Python Package Index (PyPI) repository. A subsequent release has addressed the security issue by ensuring a secure publication workflow for the Ultralytics package.
Glenn Jocher, the project maintainer, confirmed on GitHub that the two compromised versions were injected with malicious code during the PyPI deployment process after reports surfaced that installing the library resulted in a significant increase in CPU usage, indicating cryptocurrency mining activities.
One of the notable aspects of this attack is that threat actors were able to tamper with the build environment associated with the project to make unauthorized changes after the code review stage, causing a discrepancy between the source code published on PyPI and the GitHub repository.
According to Karlo Zanki from ReversingLabs, the intrusion into the build environment was facilitated by exploiting a known GitHub Actions Script Injection in the \”ultralytics/actions\” repository, as highlighted in a statement. The security issue was initially identified by security researcher Adnan Khan in an advisory released in August 2024.
This exploit could enable a threat actor to create a malicious pull request and execute a payload on macOS and Linux systems. In this case, the pull requests were initiated from a GitHub account named openimbot, allegedly associated with the OpenIM SDK.
ComfyUI, which relies on Ultralytics as one of its dependencies, has stated that it has updated its ComfyUI manager to alert users if they are using one of the compromised versions. Users are advised to upgrade to the latest version.
Zanki noted that the malicious payload was a simple XMRig miner aimed at cryptocurrency mining. However, the potential consequences could be severe if threat actors decide to deploy more harmful malware like backdoors or remote access trojans (RATs).