Ultralytics YOLO Packages Compromised on PyPI via GitHub Actions Exploit

Taylor Brooks

December 09, 2024 · 3 min read

A critical security breach has been discovered in the popular Python library Ultralytics, compromising its packages on PyPI, the official Python package index. Attackers exploited a known vulnerability in GitHub Actions, a CI/CD service, to inject malicious code during the automated build process, resulting in the deployment of cryptocurrency mining malware on systems that installed the affected packages.

The malicious code was introduced into the Ultralytics YOLO packages via a script injection vulnerability in GitHub Actions, which was previously reported by security researcher Adnan Khan. The vulnerability allowed attackers to bypass the usual code review process, so the malicious code was injected only into the package pushed to PyPI and not into the code repository on GitHub.

The compromised version of Ultralytics, 8.3.41, was published on December 4, and the developers were alerted on December 5. However, in their initial attempt to resolve the issue, they inadvertently pushed a new version, 8.3.42, which also included the rogue code. A clean and safe version, 8.3.43, was eventually published on the same day.

Ultralytics YOLO is a widely used library for creating custom machine learning models, with over 30,000 stars and more than 6,000 forks on GitHub. The PyPI package has amassed almost 60 million downloads over its existence, making the potential impact of this breach significant.

Researchers from ReversingLabs analyzed the malicious code, finding that it modified two files, downloads.py and model.py. The code injected in model.py checks the type of machine where the package is deployed to download a payload targeted for that platform and CPU architecture. The rogue code that performs the payload download is stored in downloads.py.
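Because the injection reached only the PyPI artifact and not the GitHub repository, one audit step is to compare each file in a downloaded wheel with a checkout of the matching release tag. The sketch below is an added example, not code from Ultralytics or ReversingLabs; the `samplepkg` layout, the file contents and the function names are constructed for illustration.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path


def diff_wheel_against_source(wheel_bytes: bytes, source_root: Path) -> dict:
    """Compare each .py file in a wheel with the same relative path in a checkout."""
    modified, only_in_wheel = {}, []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        for name in wheel.namelist():
            if not name.endswith(".py"):
                continue  # *.dist-info metadata is generated at build time
            src = source_root / name
            packaged = wheel.read(name)
            if not src.is_file():
                only_in_wheel.append(name)
            elif src.read_bytes() != packaged:
                # Record the packaged file's hash so it can be matched against published IoCs.
                modified[name] = hashlib.sha256(packaged).hexdigest()
    return {"modified": modified, "only_in_wheel": sorted(only_in_wheel)}


def build_constructed_sample(tmp: Path) -> bytes:
    """Constructed sample: write a tiny source tree, return a wheel where two files differ."""
    files = {
        "samplepkg/__init__.py": b"__version__ = '0.0.0'\n",
        "samplepkg/downloads.py": b"def safe_download(url):\n    return url\n",
        "samplepkg/model.py": b"class Model:\n    pass\n",
    }
    for rel, body in files.items():
        path = tmp / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as wheel:
        for rel, body in files.items():
            tampered = rel.endswith(("downloads.py", "model.py"))
            wheel.writestr(rel, body + (b"# line added at build time\n" if tampered else b""))
    return buf.getvalue()


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        return diff_wheel_against_source(build_constructed_sample(root), root)


if __name__ == "__main__":
    print(run_demo())
```

Files reported under `only_in_wheel` are not automatically malicious, since some projects generate modules at build time, but each one needs an explanation.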

While the malicious payload in this case was an XMRig miner for cryptocurrency mining, the potential consequences of this breach are far-reaching. Attackers could have delivered any type of malware, including backdoors or remote-access trojans (RATs), which could have devastating effects on affected systems.

The incident highlights the importance of securing the build environment and the need for developers to be cautious when using GitHub Actions. Security researcher Adnan Khan has previously reported on the script injection vulnerability and cache poisoning techniques used by the attackers. The ReversingLabs report includes indicators of compromise and file hashes to detect the infection, and systems that deployed Ultralytics 8.3.41 or 8.3.42 should undergo a security audit.

This breach serves as a warning to the open-source community, emphasizing the need for vigilance and proactive security measures to prevent similar incidents in the future.

Copyright © 2024 Starfolk. All rights reserved.