Ripple CEO Reveals What It Would Mean For XRP Holders If The Company Went Public
Ripple CEO discusses potential IPO benefits for XRP holders.
NewsBTC1 min read
Hackers Insert Malware Into Mistral AI Software Download
TL;DR
Hackers compromised a Mistral AI software download, inserting malware that steals credentials and could harm Linux systems. Mistral claims its infrastructure remains secure despite the breach.
Key points
- Hackers compromised Mistral AI software download
- Malware steals credentials and damages Linux systems
- Mistral claims no evidence of infrastructure compromise
Mentioned in this story
MicrosoftMistral AI
PyPIHugging Face Transformers
In brief
- Microsoft said attackers compromised a Mistral AI software download used by developers.
- The malware allegedly stole credentials and could damage some Linux systems.
- Mistral said it has no evidence that its infrastructure was compromised.
Microsoft Threat Intelligence said Monday that attackers inserted malicious code into a Mistral AI software package distributed through PyPI, a popular platform developers use to download Python software tools.
In a post on X, Microsoft said the malicious code automatically ran when developers used the software on Linux systems. The code downloaded a second malicious file called transformers.pyz from a remote server and launched it in the background.
“The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments,” Microsoft wrote.
The company said the malware primarily worked as a credential stealer capable of collecting developer login information and access tokens. Microsoft also said the malware avoided Russian-language systems and included code that could randomly delete files on some systems that appeared to be located in Israel or Iran.
Reports link the latest attack to the broader “Shai-Hulud” malware campaign that began in September and targets software supply chains by infecting trusted developer packages and stealing credentials from compromised systems.
“Shai-Hulud, that spoopy Git worm thingy everyone’s been yapping about, has been open-sourced,” cybersecurity firm VX Underground wrote on X. “What does this mean? TeamPCP, or someone else, has released the fully weaponized worm for you.”
Microsoft advised organizations to isolate affected Linux systems, block the associated internet address, search for signs of infection, and replace potentially exposed credentials.
On Tuesday, Mistral said on its website that it was impacted by a supply-chain attack tied to the broader TanStack security incident. The company said an automated worm associated with the attack led to compromised NPM and PyPI package versions being published.
“Current investigation indicates that an affected developer device was involved,” the company . “We have no indication that Mistral infrastructure was compromised.”
Q&A
What malware was inserted into the Mistral AI software?
The malware inserted into the Mistral AI software is designed to steal credentials and can damage Linux systems.
How did the malware affect developers using Mistral AI?
The malware automatically ran when developers used the compromised software, downloading additional malicious files in the background.
Did Mistral AI's infrastructure get compromised in the attack?
Mistral stated that it has no evidence indicating that its infrastructure was compromised during the attack.
