Ultralytics AI library supply chain compromise results in trojanized versions

Attackers compromised the Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.

According to researchers from ReversingLabs, the attackers used a known exploit against GitHub Actions to introduce malicious code during the automated build process, bypassing the normal code review process. As a result, the malicious code was present only in the package pushed to PyPI and not in the code repository on GitHub.
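Because the injected code existed only in the published package, one defensive check is to compare the contents of a downloaded artifact against the reviewed source tree. The sketch below is an added example, not code from ReversingLabs or Ultralytics; the package name `examplepkg`, its files and the function names are constructed for illustration.

```python
import hashlib
import io
import zipfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_artifact_against_source(artifact: bytes, source: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare the .py files in a wheel (zip) with the reviewed source tree.

    Returns paths whose content differs from the repository ("modified")
    and paths that exist only in the published artifact ("extra").
    """
    report = {"modified": [], "extra": []}
    with zipfile.ZipFile(io.BytesIO(artifact)) as zf:
        for name in sorted(zf.namelist()):
            if not name.endswith(".py"):
                continue  # skip build-generated metadata such as *.dist-info
            if name not in source:
                report["extra"].append(name)
            elif sha256(zf.read(name)) != sha256(source[name]):
                report["modified"].append(name)
    return report


def build_constructed_wheel(files: dict[str, bytes]) -> bytes:
    """Build an in-memory zip standing in for a downloaded wheel (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample data for a hypothetical package; not Ultralytics files.
REPO_SOURCE = {
    "examplepkg/__init__.py": b"__version__ = '1.0.0'\n",
    "examplepkg/utils.py": b"def helper():\n    return 1\n",
}
PUBLISHED = dict(REPO_SOURCE)
PUBLISHED["examplepkg/utils.py"] = b"def helper():\n    return 1\n# line added during build\n"
PUBLISHED["examplepkg/extra.py"] = b"# file absent from the repository\n"
PUBLISHED["examplepkg-1.0.0.dist-info/METADATA"] = b"Name: examplepkg\n"

if __name__ == "__main__":
    print(diff_artifact_against_source(build_constructed_wheel(PUBLISHED), REPO_SOURCE))
```

Projects that legitimately generate modules at build time need an allowlist for those paths, otherwise they will always appear as drift.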

A trojanized version of Ultralytics (8.3.41) was published on PyPI on Dec. 4. Ultralytics developers were alerted on Dec. 5 and tried to push a new version (8.3.42) to solve the problem, but because they did not initially understand the source of the compromise, this version ended up including the malicious code as well. A clean and safe version (8.3.43) was finally published that day.

