Compromised ultralytics PyPI package delivers crypto coinminer
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A malicious version of the popular AI library ultralytics was published on PyPI, containing downloader code for the XMRig coinminer. The compromise was achieved by exploiting a known GitHub Actions script injection. Two versions, 8.3.41 and 8.3.42, were affected before a clean version, 8.3.43, was released. Because of the package's popularity, the attack had the potential to impact millions of users. The infection vector involved crafting malicious pull requests to gain backdoor access. The compromise was initiated from Hong Kong. The malicious code was inserted into the downloads.py and model.py files and was designed to download platform-specific payloads. While this incident focused on cryptocurrency mining, the same access could have been used to deploy more aggressive malware.
OPENCTI LABELS :
xmrig,pypi,coinminer,ultralytics,supply-chain-attack
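An added example (not part of the original report or of the ultralytics project): a dependency audit that flags requirements lines which pin, or whose version range still admits, the affected releases 8.3.41 and 8.3.42 named in the summary. The function names and the sample lines are constructed for illustration, and version comparison is simplified to plain numeric releases.

```python
import re

# Affected releases named in the summary above (8.3.43 is the clean one).
AFFECTED = {"8.3.41", "8.3.42"}
PACKAGE = "ultralytics"
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.*+!-]*)")

def _normalize(name):
    # PEP 503 name normalization: case-insensitive, runs of - _ . are equal.
    return re.sub(r"[-_.]+", "-", name).lower()

def _key(version):
    # Simplification: numeric release segments only (no pre/post releases).
    return tuple(int(p) for p in version.split(".") if p.isdigit())

def _admits(op, bound, candidate):
    c, b = _key(candidate), _key(bound.rstrip(".*"))
    if op in ("==", "===", "!="):
        same = c[:len(b)] == b if bound.endswith(".*") else c == b
        return same != (op == "!=")
    if op == "~=":
        return c >= b and c[:len(b) - 1] == b[:-1]
    return {"<": c < b, "<=": c <= b, ">": c > b, ">=": c >= b}[op]

def scan(lines):
    """Return (line_no, 'pinned' | 'range', affected_versions) per finding."""
    findings = []
    for n, raw in enumerate(lines, 1):
        m = _REQ.match(raw)
        if not m or _normalize(m.group(1)) != PACKAGE:
            continue
        specs = _SPEC.findall(m.group(2).split(" --")[0])  # drop --hash options
        hit = sorted(v for v in AFFECTED if all(_admits(o, b, v) for o, b in specs))
        if hit:
            exact = any(o in ("==", "===") and b in AFFECTED for o, b in specs)
            findings.append((n, "pinned" if exact else "range", hit))
    return findings

SAMPLE = [  # constructed requirements lines, not taken from the report
    "# constructed sample requirements",
    "numpy==1.26.4",
    "Ultralytics==8.3.41 --hash=sha256:<placeholder>",
    "ultralytics[export]>=8.3,<9 ; python_version >= '3.8'",
    "ultralytics==8.3.43",
    "ultralytics>=8.3.0,!=8.3.41,!=8.3.42",
    "ultralytics-thop==2.0.0",
]

if __name__ == "__main__":
    for line_no, kind, versions in scan(SAMPLE):
        print(f"line {line_no}: {kind} -> {', '.join(versions)}")
```

A `range` finding means the line could have resolved to an affected release while those versions were available, so the environment built from it should be checked for what was actually installed.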