A Compromised Version of Ultralytics AI Library Found to Deliver Cryptocurrency Mining Payload
A recent discovery by ReversingLabs researchers has revealed that a compromised version of the popular ultralytics AI library was used to deliver a cryptocurrency mining payload. This security breach was traced back to a vulnerability in the library’s build environment, which was exploited through a known GitHub Actions script injection flaw.
Details of the Incident
On December 4, version 8.3.41 of ultralytics was released on the Python Package Index (PyPI) with malicious code that downloaded the XMRig coin miner. The attackers behind this incident employed a sophisticated technique to inject the malicious payloads into the repository, bypassing code reviews and potentially putting a large user base at risk.
Unlike the recent compromise of the npm package @solana/web3.js, which stemmed from a compromised maintainer account, this breach resulted from an intrusion into the build environment through a known GitHub Actions script injection vulnerability reported by security researcher Adnan Khan. By crafting pull requests with code embedded in branch names, the attackers were able to execute arbitrary code.
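This class of script injection arises when a workflow expands a pull-request field, such as the branch name, directly into the text of a run: script. The following scanner is an added example, not code from ReversingLabs or the ultralytics project; it flags that pattern with a simplified line-based check rather than a full YAML parse, and the function name and both sample workflow fragments are constructed for illustration.

```python
import re

# Pull-request fields an outside contributor controls (real GitHub Actions
# context names; the list is illustrative, not exhaustive).
UNTRUSTED = ("github.head_ref", "github.event.pull_request.head.ref",
             "github.event.pull_request.title", "github.event.pull_request.body")
EXPR = re.compile(r"\$\{\{(.*?)\}\}")
RUN = re.compile(r"^\s*(?:-\s+)?(run:)\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_no, context) for untrusted expressions inside run: scripts."""
    findings, key_col = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN.match(line)
        indent = len(line) - len(line.lstrip())
        if m:                                   # start of a run: script
            key_col, script = m.start(1), m.group(2)
        elif key_col is not None and (not line.strip() or indent > key_col):
            script = line                       # continuation of that script
        else:                                   # any other key ends the script
            key_col = None
            continue
        for expr in EXPR.findall(script):
            findings += [(no, ctx) for ctx in UNTRUSTED if ctx in expr]
    return findings

# Constructed sample: the expression is expanded into the script text before
# the shell runs, so the branch name is parsed as shell code.
VULNERABLE = """\
    runs-on: ubuntu-latest
    steps:
      - name: Report branch
        run: |
          echo "Formatting branch ${{ github.head_ref }}"
"""

# Constructed fix: pass the value through an environment variable so the
# shell only ever sees it as data.
HARDENED = """\
    steps:
      - name: Report branch
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          echo "Formatting branch $HEAD_REF"
"""

if __name__ == "__main__":
    print(find_injections(VULNERABLE), find_injections(HARDENED))
```

The scanner reports the expression in the first fragment and nothing in the second, because an expression under env: is assigned as a variable value and never becomes part of the script text.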
Potential Impact and Response
With over 30,000 stars on GitHub and nearly 60 million downloads on PyPI, ultralytics has a user base large enough that the compromise could have affected a significant number of users. The situation was made worse when version 8.3.42, released to address the issue, also contained the same malicious code. A clean version, 8.3.43, was eventually made available.
While the compromised code primarily deployed a cryptocurrency miner, researchers warned that the same vector could have been used to distribute more harmful malware, such as backdoors or remote access Trojans. The malicious code specifically targeted downloads.py and model.py, with functionality designed to assess system configurations and deliver platform-specific payloads.
Identification of Attackers
The attack was linked to a GitHub account named openimbot, which exhibited suspicious activity patterns indicating a possible account takeover. The attackers leveraged branch names to embed payload code, enabling them to gain backdoor access to the environment through crafted pull requests.
Conclusion
This incident highlights the critical importance of software supply chain security and the need for constant vigilance to protect against such vulnerabilities. By staying informed about potential threats and maintaining robust security measures, developers and users can help prevent similar compromises in the future.