Executive Summary
On December 4, a malicious version, 8.3.41, of the popular AI library ultralytics, which has almost 60 million downloads, was published to the Python Package Index (PyPI) package repository. The package contained downloader code that downloaded the XMRig coinminer. The project's build environment was compromised by exploiting a known and previously reported GitHub Actions script injection.
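A defender-side check for the release named above, added here as an example and not taken from the original article: it scans pip requirements text and reports every ultralytics line whose version specifier admits 8.3.41. The names `scan` and `SAMPLE` are hypothetical, the sample lines are constructed, and only plain numeric versions are evaluated (anything else is flagged for manual review).

```python
import re

PACKAGE, BAD_TEXT = "ultralytics", "8.3.41"   # both named in the summary above

def _ver(text, width=4):
    """Parse a plain dotted release ('8.3.41') into a zero-padded int tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

BAD = _ver(BAD_TEXT)
NAME = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
CLAUSE = re.compile(r"(==|!=|~=|>=|<=|>|<)\s*([0-9][0-9.]*(?:\.\*)?)$")

def _admits(op, spec):
    """True if the single specifier clause `op spec` allows the bad release."""
    if spec.endswith(".*"):                       # prefix match, e.g. ==8.3.*
        n = spec.count(".")
        hit = BAD[:n] == _ver(spec[:-2])[:n]
        return hit if op == "==" else not hit
    v, n = _ver(spec), spec.count(".") + 1
    if op == "~=":                                # compatible release clause
        return BAD >= v and BAD[:n - 1] == v[:n - 1]
    return {"==": BAD == v, "!=": BAD != v, ">=": BAD >= v,
            "<=": BAD <= v, ">": BAD > v, "<": BAD < v}[op]

def scan(requirements_text):
    """Return (line_no, line) for each ultralytics requirement admitting 8.3.41."""
    hits = []
    for no, raw in enumerate(requirements_text.splitlines(), 1):
        m = NAME.match(raw)
        if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != PACKAGE:
            continue                              # comment, option or other package
        spec = m.group(2).split("--")[0].rstrip("\\ \t")   # drop --hash options
        clauses = [c.strip() for c in spec.split(",") if c.strip()]
        try:                                      # no clauses = unpinned = admitted
            admitted = all(_admits(*CLAUSE.match(c).groups()) for c in clauses)
        except (AttributeError, ValueError):
            admitted = True                       # unparseable: flag for manual review
        if admitted:
            hits.append((no, raw.strip()))
    return hits

# Constructed sample lines, one case per line (not from the article).
SAMPLE = """\
ultralytics==8.3.41 --hash=sha256:<placeholder>
Ultralytics[export]>=8.3,!=8.3.41
ultralytics-thop==2.0.0
ultralytics~=8.3.0 ; python_version >= "3.9"
"""
print(scan(SAMPLE))
```

A flagged line means the specifier could have resolved to 8.3.41 while that release was available, so the environments built from it are the ones to inspect.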
The post "Compromised ultralytics PyPI package delivers crypto coinminer" appeared first on Security Boulevard.
Karlo Zanki
Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/12/compromised-ultralytics-pypi-package-delivers-crypto-coinminer/