Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.

Lots more details at that link. Also here.

Seth Michael Larson has a good summary of what should be done next:

From this story, we can see a few places where PyPI can help developers towards a secure configuration without infringing on existing use-cases.

API tokens are allowed to go unused alongside Trusted Publishers. It’s valid for a project to use a mix of API tokens and Trusted Publishers because Trusted Publishers aren’t universally supported by all platforms. However, API tokens that are being unused over a period of time despite releases continuing to be published via Trusted Publishing is a strong indicator that the API token is no longer needed and can be revoked.
GitHub Environments are optional, but recommended, when using a GitHub Trusted Publisher. However, PyPI doesn’t fail or warn users that are using a GitHub Environment that the corresponding Trusted Publisher isn’t configured to require the GitHub Environment. This fact didn’t end up mattering for this specific attack, but during the investigation it was noticed as something easy for project maintainers to miss.

There’s also a more general “What can you do as a publisher to the Python Package Index” list at the end of the blog post.
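The two checks from Larson's list can be sketched as a maintainer-side audit. This is an added example, not code from PyPI or from the quoted post; the record fields, the sample tokens and workflow names, and the 90-day window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not a PyPI API.
TOKENS = [
    {"name": "ci-upload", "created": datetime(2023, 1, 5), "last_used": datetime(2024, 3, 1)},
    {"name": "fallback-gitlab", "created": datetime(2023, 6, 1), "last_used": datetime(2024, 11, 28)},
    {"name": "old-unused", "created": datetime(2024, 2, 1), "last_used": None},
    {"name": "brand-new", "created": datetime(2024, 12, 3), "last_used": None},
]
RELEASES = [  # (upload time, how the upload was authenticated)
    (datetime(2024, 9, 10), "trusted-publisher"),
    (datetime(2024, 10, 22), "trusted-publisher"),
    (datetime(2024, 11, 28), "api-token"),
    (datetime(2024, 12, 1), "trusted-publisher"),
]
WORKFLOW_JOBS = [  # environment each publishing job declares
    {"workflow": "publish.yml", "environment": "release"},
    {"workflow": "nightly.yml", "environment": "nightly"},
]
PUBLISHERS = {  # environment each Trusted Publisher is configured to require
    "publish.yml": {"environment": None},
    "nightly.yml": {"environment": "nightly"},
}

def stale_tokens(tokens, releases, now, window=timedelta(days=90)):
    """Tokens unused for `window` while Trusted Publisher releases continued."""
    cutoff = now - window
    tp_recent = [t for t, how in releases if how == "trusted-publisher" and t >= cutoff]
    if not tp_recent:
        return []  # no evidence that Trusted Publishing has taken over
    stale = []
    for tok in tokens:
        if tok["created"] >= cutoff:
            continue  # too new to judge; it may simply not have been used yet
        if tok["last_used"] is None or tok["last_used"] < cutoff:
            stale.append(tok["name"])
    return stale

def environment_gaps(jobs, publishers):
    """Jobs that use a GitHub Environment the Trusted Publisher does not require."""
    gaps = []
    for job in jobs:
        pub = publishers.get(job["workflow"])
        if pub and job["environment"] and pub["environment"] != job["environment"]:
            gaps.append((job["workflow"], job["environment"], pub["environment"]))
    return gaps

if __name__ == "__main__":
    print(stale_tokens(TOKENS, RELEASES, now=datetime(2024, 12, 5)))
    print(environment_gaps(WORKFLOW_JOBS, PUBLISHERS))
```
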
