The repository of the Python library Ultralytics, a popular tool for computer vision tasks, was recently targeted in an attack. The attackers exploited a vulnerability that allowed them to execute code in a GitHub Actions handler, and used it to publish malicious versions of the library on PyPI that were built to mine cryptocurrency.
The vulnerability was identified in the ultralytics-actions package, which automates actions within the repository. The package uses the GitHub Actions mechanism to run handlers for specific events. In the Ultralytics project, a handler bound to the pull_request_target event, named format.yml, was used to format code in incoming pull requests. This file contained shell commands with substitution templates, so values taken from the pull request were inserted into the text of the commands before the shell ran them.
The attackers began by submitting a pull request to the Ultralytics repository from a branch whose name contained a specially crafted string. When that name was substituted into the handler's shell commands, a command was executed that gave them access to repository tokens and other sensitive data. They were then able to modify the publish.yml handler, circumventing certain checks, and use GitHub Actions to deploy their own code into the release.
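A way to audit workflow files for the pattern described above, as an added example that is not code from the Ultralytics project: it flags expressions controlled by a pull-request author that are expanded inside run scripts of workflows triggered by pull_request_target. The function names, the list of contexts and both sample workflows are assumptions made for this illustration.

```python
import re

# Contexts a pull-request author controls (non-exhaustive, chosen for this example).
UNTRUSTED = re.compile(r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\."
                       r"(?:head\.ref|head\.label|title|body))\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")

def run_lines(text):
    """Yield (line_no, script_line) for each line of every `run:` script."""
    lines, i = text.splitlines(), 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        i += 1
        if m and m.group(2).strip()[:1] not in ("", "|", ">"):
            yield i, m.group(2).strip()            # one-line script
        elif m:                                    # block scalar
            col = len(m.group(1))                  # column of the `run` key
            while i < len(lines) and (not lines[i].strip() or
                                      len(lines[i]) - len(lines[i].lstrip()) > col):
                if lines[i].strip():
                    yield i + 1, lines[i].strip()
                i += 1

def find_injections(text):
    """Return (line_no, context) for untrusted ${{ }} expansion in run scripts."""
    if not re.search(r"\bpull_request_target\b", text):   # trigger the page describes
        return []
    return [(n, m.group(1)) for n, s in run_lines(text) for m in UNTRUSTED.finditer(s)]

# Constructed workflows (not the project's actual format.yml): vulnerable, then hardened.
VULNERABLE = """\
on: pull_request_target
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - run: |
          git checkout ${{ github.head_ref }}
"""
HARDENED = """\
on: pull_request_target
jobs:
  format:
    runs-on: ubuntu-latest
    steps:
      - env:
          HEAD_REF: ${{ github.head_ref }}
        run: git checkout "$HEAD_REF"
"""
```

In the hardened workflow the branch name reaches the shell as the value of an environment variable, so it is treated as data and never becomes part of the command text.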
The first malicious release, version 8.3.41, was uploaded to PyPI on December 4 at 23:51 (MSK) and removed at 12:15 the following day. Another malicious release, version 8.3.42, was posted at 15:47 and removed at 16:47. These versions remained available for download for approximately 13 hours. The malicious code in these releases downloaded the XMRig component from an external server for mining.
The developers acted swiftly to address the issue, releasing corrective versions 8.3.43 and 8.3.44. However, the attackers struck again two days later, publishing malicious releases 8.3.45 and 8.3.46 with additional malicious code. Users are advised to refrain from installing any new versions until the investigation is complete and to pin their installations to version 8.3.44.