Ultralytics YOLO PyPI supply-chain compromise (cryptominer)

What happened

Attackers exploited a GitHub Actions script-injection flaw (a malicious branch name in a pull request) together with a stale PyPI publishing token to push trojanized Ultralytics releases (8.3.41, 8.3.42, and later 8.3.45/8.3.46) that ran an XMRig Monero miner. The package draws over 260,000 PyPI downloads a day, making it one of the largest real-world AI-library compromises.

Root cause

A CI/CD injection in the project's GitHub Actions workflow combined with an unrevoked PyPI token let attackers build and publish malicious artifacts through the trusted release pipeline.

Fix / outcome

Maintainers yanked the malicious versions, rotated credentials, and hardened the workflow. Users were advised to upgrade to a clean release and check for the miner.

Sources