Cryptomining code found in Ultralytics AI software versions

Security researchers discovered malicious code in two versions of Ultralytics' YOLO AI model that installed cryptocurrency mining software on users' devices. According to Bill Toulas of Bleeping Computer, versions 8.3.41 and 8.3.42 of the popular computer vision software were compromised through a supply chain attack. Ultralytics CEO Glenn Jocher confirmed that the affected versions have been removed from the Python Package Index (PyPI) and replaced with a clean version, 8.3.43. The malware installed an XMRig miner that connected to an external mining pool. The compromise appears to stem from malicious code submissions by a user in Hong Kong. The incident affected multiple projects that depend on Ultralytics' software, including SwarmUI and ComfyUI. Users who installed the compromised versions are advised to scan their systems for malware.
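The practical first step for anyone who pulls `ultralytics` from PyPI is to find out whether an environment or lockfile pins one of the two releases named above. The following script is an added example, not code from Ultralytics or from the report; it scans `pip freeze`-style or `requirements.txt`-style text for the affected versions (8.3.41 and 8.3.42, the only identifiers taken from the report) and also flags any unpinned `ultralytics` requirement, since an unpinned spec could have resolved to an affected release at install time. The sample listing at the bottom is constructed for illustration.

```python
"""Scan a pip freeze / requirements listing for the compromised ultralytics
releases named in the report (8.3.41 and 8.3.42). Added example; standard
library only, so it runs offline inside any Python 3 environment."""
import re

# Affected releases from the report; 8.3.43 is the clean replacement.
COMPROMISED = {"ultralytics": {"8.3.41", "8.3.42"}}

# "name==version" as written by pip freeze; tolerates extras, whitespace,
# trailing environment markers (;) and comments (#).
_PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*==\s*([0-9][^\s;#]*)"
)


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_compromised(freeze_text: str):
    """Return (hits, unpinned).

    hits     -- list of (package, version) exact pins that match a compromised release
    unpinned -- list of packages of interest that appear without an exact pin,
                so the version actually installed cannot be known from the file
    """
    hits, unpinned = [], []
    for raw in freeze_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and -r/-e/--index-url lines
            continue
        m = _PIN_RE.match(line)
        if m:
            name, version = normalize(m.group(1)), m.group(2)
            if version in COMPROMISED.get(name, ()):
                hits.append((name, version))
        else:
            # Not an exact pin (e.g. "ultralytics>=8.3"): report it if it is a
            # package we care about, since it may have resolved to a bad release.
            head = re.split(r"[\s\[<>=!~;]", line, maxsplit=1)[0]
            name = normalize(head)
            if name in COMPROMISED:
                unpinned.append(name)
    return hits, unpinned


# Constructed sample listing, not a real environment.
SAMPLE_FREEZE = """\
# constructed sample
numpy==2.1.3
Ultralytics==8.3.42
torch>=2.4
"""

if __name__ == "__main__":
    hits, unpinned = find_compromised(SAMPLE_FREEZE)
    for name, version in hits:
        print(f"COMPROMISED pin found: {name}=={version} -- upgrade to 8.3.43 and scan the host")
    for name in unpinned:
        print(f"UNPINNED requirement for {name}: check the installed version with 'pip show {name}'")
    if not hits and not unpinned:
        print("No affected ultralytics release found in listing")
```

Run it against `pip freeze > freeze.txt` output from each environment that uses YOLO, including the ones embedded in downstream tools such as SwarmUI and ComfyUI; a hit on an exact pin means the compromised package was installed and the host should be treated as needing a malware scan, not just an upgrade.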