Category | Details |
---|---|
Threat Actors | Unknown. The malicious code was introduced through the GitHub account “openimbot,” which claims an association with the OpenIM SDK; no further attribution is available. |
Campaign Overview | Compromise of two versions (8.3.41 and 8.3.42) of the Python AI library Ultralytics to deliver cryptocurrency-mining malware via a supply chain attack. |
Target Regions | Global; anyone who installed the affected versions from PyPI. The miner payload was observed running on macOS and Linux hosts. |
Methodology | Compromise of the build environment via GitHub Actions script injection: a workflow in the ultralytics/actions repository expanded attacker-controlled pull request metadata directly into a shell step, so a crafted pull request executed attacker code on the CI runner. The payload was inserted after the code review stage, meaning the malicious code reached the published package without appearing in any reviewed commit. |
Product Targeted | Python AI library Ultralytics (versions 8.3.41 and 8.3.42) and the downstream packages and applications that depend on it, including ComfyUI-based setups that pull in the library. |
Malware Reference | XMRig cryptocurrency miner deployed through malicious versions of the library. |
Tools Used | Exploitation of GitHub Actions workflow, malicious pull requests, and unauthorized script execution. |
Vulnerabilities Exploited | GitHub Actions Script Injection in the “ultralytics/actions” repository allowed for unauthorized code injection into the build environment. |
TTPs | – Exploiting CI/CD pipelines. – Malicious pull requests to insert unauthorized scripts. – Targeting supply chains to spread cryptocurrency-mining malware. |
Attribution | Attack origin traced to GitHub account “openimbot”; further attribution unclear. |
Recommendations | – Uninstall Ultralytics 8.3.41 and 8.3.42 and upgrade to the latest fixed release; treat any host that installed those versions as potentially compromised and check for unexpected XMRig processes and sustained CPU load. – Pin dependency versions and verify package hashes in lock files so an unexpected release cannot be pulled in silently. – Monitor build environments for anomalies such as unreviewed changes appearing in published artifacts. – Harden CI/CD workflows: never expand pull request data (branch names, titles, bodies) inside `run:` steps, pass it through environment variables instead, and restrict `pull_request_target` workflows to the minimum permissions they need. |
Source | TheHackersNews |
Read full article: https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html
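The injection class described in the Methodology and Vulnerabilities Exploited rows is easy to scan for mechanically. The following is an added example, not code from the Ultralytics project or from the article: a small stdlib-only scanner that walks a workflow file, collects every `run:` step (inline or block scalar) and reports any `${{ ... }}` expression that expands pull-request-controlled data straight into the shell. The two workflow texts are constructed for illustration, as is the list of untrusted contexts (an assumed, non-exhaustive subset); neither is the real ultralytics/actions workflow.

```python
"""Scan GitHub Actions workflow text for script-injection sinks.

Added example (not Ultralytics project code). A branch name or PR title
containing shell metacharacters such as $(...) or backticks is executed
by the runner when it is expanded inside a run: step.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Expression contexts a pull request author controls. Assumed, illustrative
# subset for this example; real scanners carry a longer list.
UNTRUSTED_CONTEXTS = (
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.issue.title",
    "github.event.comment.body",
    "github.event.head_commit.message",
)

RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")
EXPR_RE = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


@dataclass
class Finding:
    line: int        # 1-based line number in the workflow text
    expression: str  # the context referenced inside ${{ }}
    snippet: str     # the offending script line


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def run_scripts(workflow: str) -> Iterator[Tuple[int, str]]:
    """Yield (first_line_number, script) for every run: step.

    Line-based on purpose so no YAML library is needed: block scalars
    (| or >) are the lines indented deeper than the run: key."""
    lines = workflow.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent, value = len(m.group(1)), m.group(2).strip()
        if value[:1] in ("|", ">"):
            body_start = i + 1
            i += 1
            while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > key_indent):
                i += 1
            yield body_start + 1, "\n".join(lines[body_start:i])
        else:
            yield i + 1, value
            i += 1


def is_untrusted(expr: str) -> bool:
    """True if the expression reads an attacker-controlled context."""
    expr = expr.strip()
    return any(expr == c or expr.startswith(c + ".") or expr.startswith(c + "[")
               for c in UNTRUSTED_CONTEXTS)


def scan_workflow(workflow: str) -> List[Finding]:
    """Return each ${{ }} expansion of untrusted PR data inside a run: step."""
    findings = []
    for first_line, script in run_scripts(workflow):
        for m in EXPR_RE.finditer(script):
            if is_untrusted(m.group(1)):
                offset = script[: m.start()].count("\n")
                snippet = script.splitlines()[offset].strip()
                findings.append(Finding(first_line + offset, m.group(1).strip(), snippet))
    return findings


# Constructed vulnerable workflow: PR branch name and title go straight into bash.
VULNERABLE_WORKFLOW = """\
name: format
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Show branch
        run: echo "Formatting branch ${{ github.event.pull_request.head.ref }}"
      - name: Commit fixes
        run: |
          git config user.name bot
          git commit -am "Auto-format ${{ github.event.pull_request.title }}" || true
          git push origin HEAD:${{ github.head_ref }}
"""

# Constructed hardened form: the same data reaches the shell only as quoted
# environment variables, which bash never re-parses as code.
HARDENED_WORKFLOW = """\
    steps:
      - uses: actions/checkout@v4
      - name: Show branch
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
        run: echo "Formatting branch $HEAD_REF"
      - name: Commit fixes
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          git config user.name bot
          git commit -am "Auto-format $PR_TITLE" || true
          git push origin HEAD:"$HEAD_REF"
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        found = scan_workflow(text)
        print(f"{name}: {len(found)} injection sink(s)")
        for f in found:
            print(f"  line {f.line}: ${{{{ {f.expression} }}}}  <- {f.snippet}")
```

Run it over `.github/workflows/*.yml` in a repository to get a quick triage list; the vulnerable sample yields three findings and the hardened one none. The fix the scanner nudges you toward is the one that matters: untrusted data is passed via `env:` and referenced as a quoted shell variable, so it is data at expansion time rather than part of the command text.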
Disclaimer: The above summary has been generated by an AI language model