Ultralytics AI Library Versions Contain Malicious Cryptocurrency Miner
The Ultralytics AI library has been compromised in a supply chain attack. Two versions of the popular Python AI library, ultralytics (8.3.41 and 8.3.42), were found to contain malicious code that deployed a cryptocurrency miner, causing increased CPU usage for users. The compromised versions have been removed from the Python Package Index (PyPI), and a new version has been released that secures the publication workflow. The attack exploited a vulnerability in the build environment that allowed unauthorized modifications to be introduced after code review. Security experts warn that, while the current payload was only a miner, more severe malware could be introduced by the same route in the future. Users are advised to update to the latest version to mitigate the risk.
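As an added defender's check that is not part of the original article, the script below scans requirement lines for `ultralytics` pins or ranges that could resolve to the two compromised releases named above; it assumes plain `name<op>version` clauses (no extras, `~=` or environment markers) and uses a constructed sample requirements file.

```python
# Added example: flag requirement lines that could install the compromised
# ultralytics releases 8.3.41 and 8.3.42 (versions taken from the advisory).
import re

AFFECTED = ("8.3.41", "8.3.42")  # compromised releases named in the advisory

def parse_version(v):
    """Turn '8.3.41' into (8, 3, 41) so versions compare numerically."""
    return tuple(int(p) for p in v.strip().split("."))

def satisfies(version, spec):
    """True if `version` matches one clause such as '>=8.3.40' or '==8.3.42'."""
    m = re.fullmatch(r"\s*(==|!=|<=|>=|<|>)\s*([\d.]+)\s*", spec)
    if not m:
        raise ValueError(f"unsupported specifier: {spec!r}")
    op, target = m.group(1), parse_version(m.group(2))
    return {
        "==": version == target, "!=": version != target,
        "<=": version <= target, ">=": version >= target,
        "<": version < target,   ">": version > target,
    }[op]

def affected_by_line(req):
    """Return the compromised versions a bare requirement admits, or []."""
    m = re.match(r"([A-Za-z0-9_.-]+)\s*(.*)", req)
    if not m or m.group(1).lower() != "ultralytics":
        return []                      # some other package: not in scope
    clauses = [c for c in m.group(2).split(",") if c.strip()]
    if not clauses:                    # unpinned: any version could be chosen
        return list(AFFECTED)
    return [v for v in AFFECTED
            if all(satisfies(parse_version(v), c) for c in clauses)]

def scan_requirements(text):
    """Map each risky requirement line to the compromised versions it admits."""
    hits = {}
    for line in text.splitlines():
        req = line.split("#", 1)[0].strip()   # drop comments and blank lines
        found = affected_by_line(req) if req else []
        if found:
            hits[req] = found
    return hits

# Constructed sample input; package names/versions other than ultralytics are placeholders.
SAMPLE = """\
somepkg==1.0
ultralytics==8.3.42     # exact pin to a compromised release
ultralytics<8.3.41      # upper bound keeps it below the first bad release
ultralytics>=8.3.41     # open upper bound: resolver may pick either bad release
"""
```

Run `scan_requirements(open("requirements.txt").read())` against a real file; an empty result means no line can resolve to the two affected versions.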