Ultralytics AI Pwn Request Supply Chain Attack

The ultralytics supply chain attack occurred in two phases between December 4-7, 2024, targeting the PyPI registry through malicious versions of version 8.3.41 and 8.3.42, which were released by an attacker to bypass GitHub Actions entirely. The attack was first detected through Google Colab's automated abuse detection system, which flagged suspicious activity within hours of the first malicious release. Users across various projects reported unusual CPU usage patterns, and package maintainers identified discrepancies between the GitHub repository and PyPI releases. The malicious versions included a cryptocurrency mining payload designed to run silently in the background while consuming significant system resources, triggering Google Colab's automated abuse detection systems and causing some users' accounts to be temporarily suspended due to high CPU usage characteristics of mining activity. To prepare for ultralytics remediation, developers should gauge their exposure to the Python dependency, review pip install logs during affected time windows, check current versions, review system logs for unusual CPU activity, and check for automated builds or CI/CD runs during these periods. Notable projects using Ultralytics include ComfyUI, Comic-Translate, and Roboflow, which have made statements regarding the situation. The attack exploited a sophisticated chain of vulnerabilities in GitHub Actions through template injection via branch name, including exploiting a custom action that had reintroduced a previously fixed security issue. Snyk's vulnerability database and CLI tools can help identify if you're running a compromised version of Ultralytics, as well as checking for other potential vulnerabilities in dependencies. The Snyk GitHub Actions Scanner is an open-source utility that can help identify vulnerable GitHub Actions configurations like those exploited in this incident.