Technology

Popular Python AI library hacked to deliver malware

December 9, 2024

A PyPI package for an AI model was compromised and used to deliver malware
Victims were getting XMRig, a popular cryptominer, installed
The attack has since been addressed, but users warned to be on their guard

Ultralytics YOLO11, an AI model for computer vision and object detection, was compromised in an apparent supply chain attack, and used to deploy malware on victim devices.

The attack was confirmed by the company’s founder, who also said the incident was remedied, and the malicious version pulled – however, it seems that new malicious versions have popped up again.

YOLO11 (short for You Only Look Once), is an AI model designed for real-time computer vision tasks, such as identifying objects, analyzing images, and detecting poses. The service is quite popular, being starred more than 30,000 times, forked on GitHub more than 6,000 times, and counts hundreds of thousands of downloads a day.

Newer attacks

As an open source solution, YOLO11 was also available for download on PyPI, one of the world’s biggest Python package repositories.

There, an unidentified threat actor recently broke into the account and uploaded two versions – 8.3.41, and 8.3.42. Those who updated to these versions, either directly or through a dependency, ended up with a cryptocurrency miner on their devices.

The miner installed is called XMRig, and it is by far the most popular cryptojacker (a “hijacker” malware that mines crypto) out there. XMRig is known for generating Monero (XMR), a privacy-oriented currency that is difficult to trace.

Ultralytics founder and CEO Glenn Jocher confirmed the attack, and said it was addressed: “We confirm that Ultralytics versions 8.3.41 and 8.3.42 were compromised by a malicious code injection targeting cryptocurrency mining. Both versions have been immediately removed from PyPI,” Jocher posted to GitHub. “We have released 8.3.43 which addresses this security issue. Our team is conducting a full security audit and implementing additional safeguards to prevent similar incidents.”

However, over the weekend BleepingComputer said there were user reports of even newer versions – 8.3.45, and 8.3.46, who were “trojanized”. At press time, GitHub shows 8.3.48 as the newest version.

Via BleepingComputer

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar