Ultralytics, a leading AI and computer vision company known for its YOLO object detection model, recently experienced a significant security breach. The incident affected versions 8.3.41 and 8.3.42 of their software distributed through the Python Package Index (PyPI).
The compromised versions deployed cryptocurrency miners on users' devices, leading to Google Colab account bans for "abusive activity." The malware installed an XMRig miner at "/tmp/ultralytics_runner", connecting to a mining pool at "connect.consrensys[.]com:8080".
Impact and Reach:
– Affected popular dependencies including SwarmUI and ComfyUI
– Library has 33,600 GitHub stars and 6,500 forks
– Over 260,000 PyPI downloads in 24 hours
Response and Resolution:
– Compromised versions immediately removed from PyPI
– Clean version 8.3.43 released as replacement
– Full security audit initiated
– Additional safeguards being implemented
Investigation reveals the breach likely originated from two malicious pull requests submitted by a user in Hong Kong. The extent of data compromise beyond crypto mining remains unclear.
Recommendations:
– Users who downloaded affected versions should perform system scans
– Update to version 8.3.43
– Wait for formal advisory regarding breach details
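The indicators quoted above (the two affected PyPI releases, the dropped miner path and the pool endpoint) together with the "scan and update" recommendations can be turned into a small triage check. The following is an added example written for this page, not code from the article or from the Ultralytics project; it assumes only the version numbers, path and host:port stated above, and every function and constant name in it is this example's own. It reads `pip freeze`-style lines, flags pins of the compromised releases, tells whether an installed version still needs the 8.3.43 update, checks for the miner artifact on disk, and matches outbound connections against the (defanged) pool host.

```python
"""Defender-side triage helper for the Ultralytics 8.3.41 / 8.3.42 PyPI compromise.

Added example, not part of the original article or the Ultralytics project.
Assumes the indicators quoted in the article: the affected versions, the
dropped file /tmp/ultralytics_runner and the pool connect.consrensys[.]com:8080.
"""
import os
import re
from typing import Iterable, List, Tuple

# Releases the article reports as compromised, and the clean replacement.
AFFECTED_VERSIONS = {"8.3.41", "8.3.42"}
FIXED_VERSION = "8.3.43"

# Indicators of compromise from the article. The host is kept defanged in the
# source and refanged only for comparison, so the constant stays safe to paste.
MINER_PATH = "/tmp/ultralytics_runner"
POOL_HOST_DEFANGED = "connect.consrensys[.]com"
POOL_HOST = POOL_HOST_DEFANGED.replace("[.]", ".")
POOL_PORT = 8080

# Matches a pinned requirement such as "ultralytics==8.3.41" (case-insensitive).
_PIN_RE = re.compile(r"^\s*ultralytics\s*==\s*([0-9][0-9A-Za-z.]*)\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.3.41' into (8, 3, 41) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version: str) -> bool:
    """True for the two compromised releases named in the article."""
    return version.strip() in AFFECTED_VERSIONS


def needs_update(version: str) -> bool:
    """True when the installed release is older than the clean 8.3.43."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def find_affected_pins(freeze_lines: Iterable[str]) -> List[str]:
    """Scan `pip freeze` / requirements lines; return pinned versions that are compromised."""
    hits = []
    for line in freeze_lines:
        match = _PIN_RE.match(line)
        if match and is_affected(match.group(1)):
            hits.append(match.group(1))
    return hits


def connection_matches_pool(host: str, port: int) -> bool:
    """Flag an outbound connection (e.g. from netstat/ss output) to the named mining pool."""
    return host.lower().rstrip(".") == POOL_HOST and port == POOL_PORT


def miner_artifact_present(path: str = MINER_PATH) -> bool:
    """Check whether the dropped XMRig binary exists at the path the article reports."""
    return os.path.exists(path)


def triage(freeze_lines: Iterable[str], connections: Iterable[Tuple[str, int]]) -> dict:
    """Combine the checks into one report a responder can act on."""
    pins = find_affected_pins(freeze_lines)
    pool_hits = [(h, p) for h, p in connections if connection_matches_pool(h, p)]
    return {
        "affected_pins": pins,
        "pool_connections": pool_hits,
        "miner_artifact": miner_artifact_present(),
        "action": "scan host and upgrade to %s" % FIXED_VERSION
        if (pins or pool_hits or miner_artifact_present()) else "no indicator found",
    }


if __name__ == "__main__":
    # Constructed sample input: a pip freeze excerpt and two observed connections.
    sample_freeze = ["numpy==1.26.4", "ultralytics==8.3.41", "torch==2.4.0"]
    sample_conns = [("pypi.org", 443), ("connect.consrensys.com", 8080)]
    print(triage(sample_freeze, sample_conns))
```

Run it against real `pip freeze` output and a host's connection list; a non-empty `affected_pins` or `pool_connections` (or `miner_artifact` set to True) is the cue to follow the article's advice: scan the system and move to 8.3.43.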
The company continues investigating the root cause and potential vulnerabilities in their build environment.