Attackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.
According to researchers from ReversingLabs, the attackers leveraged a known exploit via GitHub Actions to introduce malicious code during the automated build process, therefore bypassing the usual code review process. As a result, the code was present only in the package pushed to PyPI and not in the code repository on GitHub.
The trojanized version of Ultralytics on PyPI (8.3.41) was published on Dec. 4. Ultralytics developers were alerted Dec. 5, and attempted to push a new version (8.3.42) to resolve the issue, but because they didn’t initially understand the source of the compromise, this version ended up including the rogue code as well. A clean and safe version (8.3.43) was eventually published on the same day.