ultralytics
Ultralytics PyPI package compromised distributing cryptominer
Attackers exploited a vulnerability in the project's GitHub Actions CI/CD workflow (a `pull_request_target` trigger combined with command injection through unsanitized branch names). This let them execute arbitrary code during the build and publish process and upload malicious versions of the official `ultralytics` package directly to PyPI. The compromised versions contained an XMRig cryptominer. Several malicious versions were published over a few days before being detected and removed.
- Date
- 2024-12-04 to 2024-12-07
- Category
- Open Source
- Target Surface
- Package registry
- Insertion Phase
- CI/CD
- Impact
- Financial Exploitation
- Cause
- GHA Vulnerability
What Was Affected
Package
ultralytics
Language
Python
Component
Library
Artifact type
source archive
Domain type
package host
Domain
pypi.org
Repository
github.com/ultralytics/ultralytics
Compromised Versions
Incident Context
- Motive
- Financial Gain
- Attribution
- Individual Hacker
- Observed Duration
- 3 days
Evidence
Compromised Artifacts
- pypi.org/project/ultralytics/8.3.41
- pypi.org/project/ultralytics/8.3.42
- pypi.org/project/ultralytics/8.3.45
- pypi.org/project/ultralytics/8.3.46
Current Artifacts and Analysis
- legitsecurity.com/blog/the-ultralytics-supply-chain-attack-how-it-happened-how-to-prevent
- safetycli.com/research/supply-chain-attack-ultralytics-ai
- github.com/ultralytics/ultralytics/security/advisories/GHSA-32hc-9xrg-cc9g
- github.com/ossf/package-analysis/blob/main/pkg/analyzers/search/rules/rules.yaml
Indicators and Changes
Hashes
- sha256:23d1f5dcec5d678a34a5947d615f3c3d31246e935bb8c93d9f7c790a23b19a8c
- sha256:16b1a872b13c63c9a5d75cfb5cdec76a6a4fd95a7d42f5fc3ca3d40b78b80fe7
- sha256:e2e05bdc1b2f22fef4a14d4fe4b4f21b8d15f83ceb4a9a4a21f5f6e02cb25a1c
- sha256:6d01a5382b3b1f1c03d795aafc4830c2b8389cb0d5e30c9e0285e55af0a237eb
Commits
External References
Source Data
Source record: oss/ultralytics/meta.yaml