Supply chain
β Supply Chain
Ultralytics YOLO PyPI Package Supply Chain Attack
Primary Source βIncident Details
The popular Ultralytics YOLO AI/ML library (60M+ downloads, 30K+ GitHub stars) was backdoored on 4 December 2024. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 deployed XMRig to mine Monero on end-user machines. The attack exploited a GitHub Actions pwn-request vulnerability to steal the PyPI publish token. Even the ‘remediation’ version 8.3.42 initially contained the malicious code; clean version 8.3.43 was released the same day. A second phase on 7 December saw the attacker publish directly to PyPI bypassing CI/CD entirely.
Technical Details
- Initial Attack Vector
- Attacker abused GitHub Actions by crafting malicious git branch names in pull requests to exfiltrate PyPI publish tokens from the CI/CD runner environment; then published backdoored package versions to PyPI
- Vendor / Product
- GitHub Actions; PyPI
- Software Package
ultralytics- Malware Family
- XMRig (Monero cryptominer)
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2024-12-04 Breach occurred
- 2024-12-05 Publicly disclosed
- 2024-12-05 Customers notified