Advisory

Ultralytics YOLO11 AI model on PyPI hijacked to inject cryptominer

Take action: If you are using Ultralytics YOLO11 8.3.41 or 8.3.42, consider your computers compromised. Remove the package immediately and check for the active cryptominer; ideally wipe the computers, reset all passwords, and only then install version 8.3.43. You can't be certain it was just a cryptominer.


Learn More

A supply chain attack has targeted the popular Ultralytics YOLO11 AI model, affecting versions 8.3.41 and 8.3.42 distributed through the Python Package Index (PyPI). The real-time object detection YOLO model has been compromised to deploy cryptocurrency miners on users' systems.

The incident's impact was substantial given the library's widespread use: 33,600 GitHub stars, 6,500 forks, and over 260,000 downloads from PyPI in just 24 hours. The compromise affected not only direct installations but also dependent projects, including SwarmUI and ComfyUI.

The compromised versions installed an XMRig miner at "/tmp/ultralytics_runner". The miner connected to a mining pool at "connect.consrensys[.]com:8080". The attack originated from two malicious pull requests that carried code injection in their branch names, submitted by a user in Hong Kong.

The company quickly responded by removing the compromised versions and releasing version 8.3.43 as a clean replacement. Glenn Jocher, Ultralytics' founder and CEO, confirmed the compromise and announced that the team is conducting a full security audit and implementing additional safeguards.

While the primary purpose of the malicious code appears to be cryptocurrency mining, there is currently no confirmation whether user data was also compromised. Google Colab users who installed the compromised versions had their accounts flagged and banned for "abusive activity."

Users who downloaded versions 8.3.41 or 8.3.42 should perform a full system scan and upgrade to version 8.3.43 immediately.
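A triage helper for the indicators named above, added here as an example and not code from Ultralytics or the advisory's authors. It checks `pip freeze`-style lines for the two compromised pins, `ps -eo pid,args`-style lines for the miner path or the pool endpoint (the advisory's bracketed "[.]" is written out so it matches a real command line), and whether the dropped binary still exists on disk; the sample inputs in the test are constructed.

```python
"""Host triage for the Ultralytics YOLO11 8.3.41/8.3.42 PyPI compromise (added example)."""
import os
import re
from typing import Dict, Iterable, List

# Indicators taken from the advisory; nothing else here is page data.
COMPROMISED_VERSIONS = {"8.3.41", "8.3.42"}
CLEAN_VERSION = "8.3.43"
MINER_PATH = "/tmp/ultralytics_runner"
POOL_ENDPOINT = "connect.consrensys.com:8080"  # advisory writes this as consrensys[.]com

_FREEZE_RE = re.compile(r"^\s*ultralytics\s*==\s*([0-9][\w.]*)\s*$", re.IGNORECASE)


def compromised_pins(freeze_lines: Iterable[str]) -> List[str]:
    """Return the compromised ultralytics versions pinned in pip-freeze style lines."""
    found = []
    for line in freeze_lines:
        m = _FREEZE_RE.match(line)
        if m and m.group(1) in COMPROMISED_VERSIONS:
            found.append(m.group(1))
    return found


def suspicious_processes(ps_lines: Iterable[str]) -> List[str]:
    """Return process-list lines that reference the miner binary or the pool endpoint."""
    return [l.strip() for l in ps_lines if MINER_PATH in l or POOL_ENDPOINT in l]


def miner_artifact_present(path: str = MINER_PATH) -> bool:
    """True if the dropped miner binary named in the advisory is still on disk."""
    return os.path.exists(path)


def triage(freeze_lines: Iterable[str], ps_lines: Iterable[str],
           miner_path: str = MINER_PATH) -> Dict[str, object]:
    """Combine the three checks into one verdict for a host."""
    pins = compromised_pins(freeze_lines)
    procs = suspicious_processes(ps_lines)
    artifact = miner_artifact_present(miner_path)
    hit = bool(pins or procs or artifact)
    # Any single hit means the host is treated as compromised, not merely "needs an upgrade".
    return {
        "compromised_pins": pins,
        "suspicious_processes": procs,
        "miner_artifact": artifact,
        "compromised": hit,
        "remediation": (f"wipe host, rotate credentials, reinstall ultralytics=={CLEAN_VERSION}"
                        if hit else "no indicators found"),
    }


if __name__ == "__main__":
    import subprocess
    freeze = subprocess.run(["pip", "freeze"], capture_output=True, text=True).stdout.splitlines()
    ps = subprocess.run(["ps", "-eo", "pid,args"], capture_output=True, text=True).stdout.splitlines()
    print(triage(freeze, ps))
```

A clean result only means these three indicators are absent; because /tmp is often cleared on reboot and the advisory itself notes the payload may not have been limited to a miner, a host that ever ran 8.3.41 or 8.3.42 should still be rebuilt.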