💣 Supply Chain Attack Hits YOLO11 AI Model on PyPI! 💣
The popular Ultralytics YOLO11 AI model has fallen victim to a supply chain attack. Hackers injected cryptominer malware into versions 8.3.41 and 8.3.42 available on the Python Package Index (PyPI), affecting thousands of users worldwide.
🔍 What is Ultralytics?
Ultralytics is a leading developer of AI and computer vision tools, especially known for its YOLO (You Only Look Once) object detection model. YOLO powers real-time object detection for video streams, used by industries like autonomous driving, surveillance, and robotics.
The Ultralytics library has received:
⭐ 33,600 GitHub Stars
🍴 6,500 Forks
📈 260,000+ PyPI downloads in 24 hours
Unfortunately, this attack has left a mark on its users.
On December 6, 2024, two versions of Ultralytics (8.3.41 and 8.3.42) were released to PyPI. These versions contained malicious code that launched a crypto miner to steal user resources.
How It Happened:
🔹 Hackers injected a malicious pull request (PR) with hidden code injections into the source code.
🔹 When users installed or updated to versions 8.3.41 or 8.3.42, it triggered the launch of XMRig Miner.
🔹 The miner connected to “connect.consrensys[.]com:8080”, a crypto-mining pool, and consumed users’ CPU power.
🔹 Google Colab users were flagged for “abusive activity” and banned after running the infected versions.
📢 Affected Libraries: The attack didn’t stop at Ultralytics. Other libraries like SwarmUI and ComfyUI also installed the malicious package as a dependency.
The attack exploited the software supply chain — a growing trend in cybercrime. Here’s how it worked:
1️⃣ Malicious PRs (Pull Requests): Two pull requests from a user in Hong Kong added hidden code injections into branch names.
2️⃣ Code Infiltration: The injected code was overlooked during review and merged into the Ultralytics package.
3️⃣ Supply Chain Infiltration: Once deployed to PyPI, anyone updating to 8.3.41 or 8.3.42 inadvertently installed the crypto miner.
If you installed Ultralytics 8.3.41 or 8.3.42, you may have unknowingly launched the crypto miner.
Steps to Protect Yourself:
1️⃣ Check Running Processes for XMRig miners (often named ultralytics_runner).
2️⃣ Scan Your System with a reputable antivirus or anti-malware tool.
3️⃣ Upgrade to 8.3.43: Ultralytics has released a clean version 8.3.43 on PyPI.
4️⃣ Audit Your Dependencies: Ensure SwarmUI and ComfyUI are not running older, compromised versions.
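The version and dependency checks in steps 3 and 4 can be scripted with the Python standard library; this is an added example, not code from Ultralytics or from the original article. The sample requirement lines are constructed and the function names are hypothetical. A range, wildcard or bare name is reported as "unpinned" on the assumption that a resolver could have selected 8.3.41 or 8.3.42 while they were on PyPI.

```python
import re
from importlib import metadata

# Versions taken from the article: the two compromised releases.
COMPROMISED = {"8.3.41", "8.3.42"}

# Constructed sample input (not from the article), in requirements.txt style.
SAMPLE = [
    "numpy==1.26.4",
    "Ultralytics==8.3.41",
    "ultralytics[export]>=8.3.0",
    "ultralytics==8.3.43 ; python_version >= '3.8'",
    "ultralytics-thop==2.0.12",  # different package, must not match
]

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def normalize(name):
    """PEP 503 normalization so 'Ultralytics' and 'ultralytics' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(lines):
    """Return (line, verdict) per ultralytics requirement: 'compromised' (exact
    pin to a bad release), 'unpinned' (no exact pin, so a resolver may have
    picked a bad release) or 'ok' (exact pin to another release)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _REQ.match(line)  # comments and pip options ('#', '-') never match
        if not m or normalize(m.group(1)) != "ultralytics":
            continue
        pins = [p for p in re.findall(r"===?\s*([0-9][^\s,]*)", m.group(2)) if "*" not in p]
        verdict = "compromised" if any(p in COMPROMISED for p in pins) else ("ok" if pins else "unpinned")
        findings.append((line, verdict))
    return findings

def installed_verdict(dist="ultralytics"):
    """Verdict for the copy installed in this environment, or None if absent."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return "compromised" if version in COMPROMISED else "ok"

if __name__ == "__main__":
    for line, verdict in audit_requirements(SAMPLE):
        print(f"{verdict:12} {line}")
    print("installed:", installed_verdict())
```

Feed `audit_requirements` the lines of each project's requirements file or `pip freeze` output, and run `installed_verdict()` inside every virtual environment or container image that may have been built on or after December 6, 2024.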
Ultralytics’ CEO Glenn Jocher confirmed the attack, stating:
🗣️ “We confirm that Ultralytics versions 8.3.41 and 8.3.42 were compromised by a malicious code injection targeting cryptocurrency mining. Both versions have been immediately removed from PyPI.”
What Ultralytics is Doing:
🔹 Released clean version 8.3.43 to PyPI.
🔹 Conducting a full security audit to identify root causes.
🔹 Implementing additional security measures to prevent future breaches.
While no evidence has emerged that private user data was stolen, it’s recommended to perform a full system scan as a precaution.
Supply chain attacks are one of the most dangerous forms of cybercrime. Here’s why:
🔴 Silent Attack: Users unknowingly install malware via legitimate software updates.
🔴 Impact on the Industry: Tools like YOLO are used in autonomous vehicles, healthcare, and robotics — industries that rely on security and trust.
🔴 Resource Theft: The XMRig miner consumes CPU resources, slowing down critical processes.
🔴 Widespread Reach: The attack affects libraries that depend on Ultralytics, like SwarmUI and ComfyUI, amplifying its impact.
🔎 Root Cause Analysis: Investigate the PR exploitation method.
🔐 Stronger Code Reviews: Introduce code signing and stricter validation on PRs.
🚀 Security Tools: Use tools like GitHub Dependabot to detect malicious dependencies.
As this attack shows, no open-source project is safe from supply chain threats. This is a lesson for all developers to review code changes and audit dependencies before releasing new versions.
Supply chain attacks like this one highlight the importance of Penetration Testing. Don’t wait for a breach to act.
At Wire Tor, we specialize in
🔒 Supply Chain Penetration Testing
🔍 Code Review and Threat Hunting
🎉 Final Thoughts
This Ultralytics AI hijack is another reminder that open-source supply chains are a prime target for hackers. Software developers and organizations need to be more vigilant than ever.
💣 Don’t wait for the next breach. Get your systems tested today. 💣
👉 Need help with a pentest or security audit? Contact Wire Tor for expert cybersecurity solutions.