TechFlow News, May 13: According to a report by Decrypt, Microsoft’s Threat Intelligence team disclosed that attackers injected malicious code into Mistral AI packages distributed via the PyPI platform. This malicious code executes automatically when developers use the package on Linux systems, downloading and running a malicious file named transformers.pyz in the background. The filename is deliberately designed to mimic the widely used Hugging Face Transformers library to cause confusion.
Microsoft noted that the malware primarily steals developers’ login credentials and access tokens. It avoids execution on Russian-language systems and includes portions of code capable of randomly deleting files on devices located in Israel or Iran. This attack is linked to the “Shai-Hulud” supply-chain attack campaign, which began in September. Mistral responded that its investigation found the attack originated from compromised developer devices, and its infrastructure was not breached.
