
Python AI library hit by malware hack

An AI model has been the target of a hacker attack in which unauthorized parties compromised the Ultralytics YOLO11 Python library and introduced malware. The incident draws attention to the security of open source projects.

Attack on AI library: malware in search of information

The library affected is the Ultralytics YOLO11 Python library, an AI model for computer vision and object detection. Hackers compromised two versions of the software and built a cryptocurrency miner into them.

The malware, XMRig, uses infected devices to mine the Monero cryptocurrency. The affected releases were versions 8.3.41 and 8.3.42, which were distributed through the Python Package Index (PyPI) platform.

Ultralytics confirms the incident

As The Hacker News reported, Glenn Jocher, the founder of Ultralytics, confirmed the incident and published some background information. Jocher explained:

"We confirm that Ultralytics versions 8.3.41 and 8.3.42 were compromised by a code injection aimed at cryptocurrency mining. The following versions are easily accessible via PyPI."

Glenn Jocher, founder of Ultralytics

After the issue came to light, the affected versions were addressed in the PyPI repository, and a version 8.3.43 is available. YOLO11 is one of the most popular open source projects. It records hundreds of thousands of downloads every day. This popularity makes it an attractive target for cybercriminals.

The hackers' sophisticated approach

Security researchers suspect that the attackers exploited a known vulnerability in GitHub Actions. The approach was sophisticated: they did not manipulate the code on GitHub itself, but the build tooling used for PyPI deployment. As a result, the malicious code could go unnoticed in an ordinary code review.

Recommended actions for users

In response to the incident, Ultralytics plans to implement a sandboxing process to better protect against this kind of attack. For now, however, users of the library should exercise the utmost caution. They should take the following steps:

  • Check which version is installed
  • Update to the current version
  • Also check for indirect use via dependencies in other projects
  • Carry out a thorough check of the system for possible infections
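
The version and dependency checks in the list above can be scripted. The following is an added example, not code from Ultralytics or from the original article; it assumes pip-style requirements files, the `SAMPLE` text is constructed, and only the two version numbers come from this page.

```python
import re
from importlib import metadata

PACKAGE = "ultralytics"
BAD_VERSIONS = {"8.3.41", "8.3.42"}  # the two releases named in this article

def _norm(name):
    """Normalise a distribution name the way PyPI does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_no, verdict) for each requirements line naming PACKAGE."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*(.*)", line)
        if not m or _norm(m.group(1)) != PACKAGE:
            continue  # different package, e.g. ultralytics-thop, or an option line
        spec = m.group(2).split(";")[0].rstrip("\\").strip()
        pin = re.fullmatch(r"===?\s*([0-9A-Za-z.!+]+)", spec)
        verdict = ("unpinned" if pin is None else  # ranges resolve at install time
                   "compromised" if pin.group(1) in BAD_VERSIONS else "ok")
        findings.append((no, verdict))
    return findings

def audit_environment():
    """Return (installed version or None, is_compromised, dependent packages)."""
    try:
        version = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        version = None
    dependents = sorted({
        dist.metadata.get("Name", "unknown")
        for dist in metadata.distributions()
        for req in dist.requires or []
        if _norm(re.match(r"[A-Za-z0-9._-]*", req).group(0)) == PACKAGE
    })
    return version, version in BAD_VERSIONS, dependents

# Constructed sample requirements file; the hash is a placeholder.
SAMPLE = """\
ultralytics==8.3.41 \\
    --hash=sha256:PLACEHOLDER
Ultralytics[export]==8.3.43  # a different release
ultralytics>=8.3.0; python_version >= "3.9"
ultralytics-thop==2.0.12
"""

if __name__ == "__main__":
    print(scan_requirements(SAMPLE), audit_environment())
```

Run it inside each virtual environment or container image that may have installed the library; an "unpinned" verdict means the file alone cannot say which release was resolved, so the installed version has to be checked as well.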

This incident joins a series of cases in which popular open source projects were misused to spread malware. It is a reminder that the reliability and security of all software are tied to how it is used and understood.

What do you think about this incident? Do you use AI libraries like YOLO11 in your own projects? Share your views on security for open source software with us in the comments!

Summary

  • Ultralytics YOLO11 Python library compromised by hackers
  • XMRig cryptominer in versions 8.3.41 and 8.3.42
  • Manipulation of the build tooling for PyPI deployment
  • Hundreds of thousands of daily downloads make YOLO11 an attractive target
  • Users should check their versions and examine their systems for infections
  • The incident joins a series of cases involving open source projects
  • The security of the software supply chain must be taken into account
