Python Library Hijacked: Cryptocurrency Miners Invade Ultralytics!

Two versions of the popular Python AI library, Ultralytics, were hijacked to run a cryptocurrency miner. Users noticed a CPU surge, a clear red flag, leading to the discovery. A security fix has now been rolled out, but remember, nothing says “I love you” like a surprise crypto mining operation!

Hot Take:

Who knew AI could make your computer sweat harder than a marathon runner? It seems like the only thing ultralytics mined faster than insights was cryptocurrency! Time to put those CPUs on a vacation.

Key Points:

  • Two versions of the ultralytics Python AI library were compromised with a cryptocurrency miner.
  • The affected versions, 8.3.41 and 8.3.42, have been removed from the PyPI repository.
  • A security fix has been introduced to prevent future malicious code injections.
  • Attackers exploited a GitHub Actions Script Injection to mess with the build environment.
  • The payload was primarily aimed at mining cryptocurrency using XMRig.
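
A quick check for the two affected releases listed above, as an added example (not code from the article or from the Ultralytics project): it looks for exact pins in a requirements file and inspects the installed package metadata. The sample requirements text is constructed and the function names are hypothetical.

```python
import re
from importlib import metadata

# Versions the article lists as compromised and removed from PyPI.
AFFECTED = {"8.3.41", "8.3.42"}
PACKAGE = "ultralytics"

# Exact pins only, e.g. "ultralytics==8.3.41" or "Ultralytics[export] == 8.3.42".
PIN_RE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*===?\s*([^\s;#,]+)")

def normalize(name):
    """PEP 503 name normalization, so 'Ultralytics' and 'ultralytics' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def affected_pins(requirements_text):
    """Return (line_number, version) for each exact pin of an affected release."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # drop comments
        m = PIN_RE.match(line)
        if m and normalize(m.group(1)) == PACKAGE and m.group(2) in AFFECTED:
            hits.append((lineno, m.group(2)))
    return hits

def installed_affected():
    """Return the installed version if it is an affected one, else None."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return None
    return version if version in AFFECTED else None

# Constructed sample requirements file (not taken from any real project).
SAMPLE = """\
numpy==1.26.4
ultralytics==8.3.40
Ultralytics[export] == 8.3.42   # pinned during the affected window
# ultralytics==8.3.41 (commented out, ignored)
ultralytics==8.3.41 ; python_version >= "3.8"
ultralytics>=8.3.0
"""

if __name__ == "__main__":
    for lineno, version in affected_pins(SAMPLE):
        print(f"requirements line {lineno}: ultralytics {version} is an affected release")
    print(f"installed: {installed_affected() or 'no affected version installed'}")
```

Range specifiers such as `>=8.3.0` are not flagged because they do not say which release was actually resolved; check the lock file or the installed environment for those.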

The Nimble Nerd