A recent supply chain attack has targeted Ultralytics, a Maryland-based software company known for its YOLO image recognition and detection AI model. The attack involved the compromise of versions 8.3.41 and 8.3.42 of the Ultralytics YOLO model, which resulted in the installation of XMRig cryptomining software on users’ systems.
The incident was first brought to light in a GitHub thread where a developer raised concerns about the compromised PyPI package for Ultralytics YOLO version 8.3.41. This discovery prompted other developers to confirm the compromise and recommend removing the affected package from their systems. Although Ultralytics has not issued an official advisory, the company has taken steps to investigate the attack and temporarily halted automatic deployments.
The thread author, identified as “metrizable,” noticed the malicious code when comparing the PyPI package with the GitHub repository. Additional reports of suspicious activity surfaced in separate GitHub threads, leading to further confirmation of the compromise by another developer affiliated with Ultralytics, known as “Skillnoob.”
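The check that exposed the compromise, comparing the published PyPI artifact with the GitHub source, can be automated. The following is an added example, not code from Ultralytics or the GitHub thread; the package name `examplepkg`, the helper names and the sample files are constructed, and the source tree is passed as a path-to-bytes mapping standing in for a checkout of the release tag.

```python
import hashlib
import io
import zipfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def diff_wheel_against_source(wheel_bytes: bytes, source_files: dict) -> dict:
    """Compare every file in a wheel with the same path in the tagged source tree.

    source_files maps repo-relative paths to file contents (in practice, read
    from a checkout of the release tag). Returns paths that differ or that
    exist only in the published artifact.
    """
    report = {"modified": [], "only_in_package": []}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        for name in sorted(wheel.namelist()):
            # *.dist-info/ is generated at build time and has no repo counterpart.
            if name.endswith("/") or ".dist-info/" in name:
                continue
            packaged = wheel.read(name)
            if name not in source_files:
                report["only_in_package"].append(name)
            elif sha256(packaged) != sha256(source_files[name]):
                report["modified"].append(name)
    return report


def build_wheel(files: dict) -> bytes:
    """Build an in-memory zip laid out like a wheel (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed sample: a hypothetical package "examplepkg", not Ultralytics code.
SOURCE_TREE = {
    "examplepkg/__init__.py": b"__version__ = '1.0.0'\n",
    "examplepkg/utils.py": b"def helper():\n    return 1\n",
}
PUBLISHED = dict(SOURCE_TREE)
PUBLISHED["examplepkg/utils.py"] += b"# line absent from the repository\n"
PUBLISHED["examplepkg/extra.py"] = b"# file absent from the repository\n"
PUBLISHED["examplepkg-1.0.0.dist-info/METADATA"] = b"Name: examplepkg\n"

if __name__ == "__main__":
    print(diff_wheel_against_source(build_wheel(PUBLISHED), SOURCE_TREE))
```

Any entry in either list means the artifact was not built purely from the tagged source and should be inspected before the package is installed or promoted to an internal mirror.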
Despite efforts to address the issue by removing versions 8.3.41 and 8.3.42 from PyPI, it was later revealed that the subsequent version, 8.3.42, was also affected by the cryptomining campaign. Skillnoob confirmed this development and advised users to revert to version 8.3.40 or earlier to ensure safety.
Ultralytics founder and CEO Glenn Jocher provided insight into the situation, stating that there was evidence of malicious code injection in the PyPI deployment workflow itself. The company traced the activity to a GitHub user in Hong Kong and took action to block the account. The issue was ultimately resolved with the release of YOLO version 8.3.43, and a subsequent update to version 8.3.44 was announced shortly after.
Despite these measures, questions remain about how the threat actor was able to compromise Ultralytics’ supply chain and impact multiple versions of the YOLO model. As of now, Ultralytics has not issued a public advisory or responded to requests for comment on the attack.
This incident adds to a string of supply chain compromises this year, including the use of fake Python infrastructure to target GitHub repositories for Top.gg in March and the compromise of NPM packages for the Lottie Player JavaScript library in October. These incidents underscore the need for heightened security measures within the software supply chain to prevent future attacks.
In conclusion, the Ultralytics supply chain attack serves as a stark reminder of the evolving threat landscape facing software companies and the importance of vigilance in safeguarding against malicious actors.
