A compromised version of the popular Ultralytics AI library has been found to deliver a cryptocurrency -mining payload.
Reversinglabs researchers have traced the problem to a violation of the build -of -the -life environment of the library, which was used by a well -known Github actions script injection -vulnerability.
On December 4, version 8.3.41 of Ultralytics was published on the Python Package Index (PYPI). This version contained malignant code that the XMRIG Coin Miner downloaded. The attackers used an advanced technique to inject malignant payloads into the repository and to bypass code reviews.
‘Unlike The recent compromise of a trusted NPM package @solana/web3.js […]who also had a similar impact radius, but was caused by a compromise of one of the maintenance accounts, in this case infringement was reached by a more advanced vector, by exploiting a well -known Github action injection that was previously reported by the security investigator Adnan Khan.
In particular, the attackers have made Pull requests with code embedded in branch titles, allowing them to achieve random code version.
The infringement had the potential to influence a huge user base, because Ultralytics has more than 30,000 stars on Github and almost 60 million downloads on PYPI. The problem was exacerbated when a follow -up version, 8.3.42, was released to tackle the problem, also wore the same malignant code. A clean version, 8.3.43, was finally made available later that day.
While the malicious code mainly used a cryptocurrency mini worker, researchers noted that the same vector could have been used to distribute more harmful malware, such as backdoors or trojans remotely. The compromised code specifically targeted downloads.py and model.py, with tailor -made functionality to evaluate system configurations and deliver platform -specific payloads.
Read more about Software Supply Chain Security Risks: CISA insists on improvements in the transparency of the American software Supply Chain
The attack was linked to a Github account called Openimbot, which had a suspicious activity pattern that suggests a possible account takeover. The methodology of the attackers included embedding the payload code in branch names, which made back door access to the environment possible through manufactured pull applications.