深潮TechFlow
深潮TechFlow|May 13, 2026 00:16
[Hackers Implant Malicious Code in Mistral AI Package] Deep Tide TechFlow reports that on May 13, according to Decrypt, Microsoft's Threat Intelligence division disclosed that attackers had implanted malicious code into the Mistral AI package distributed via the PyPI platform. The malicious code automatically runs when developers use it on Linux systems, downloading a malicious file named `transformers.pyz` and executing it in the background. The file name is deliberately designed to mimic the widely-used Hugging Face Transformers library to create confusion. Microsoft pointed out that the malware primarily steals developers' login credentials and access tokens, avoids systems using Russian language settings, and some code can randomly delete device files located in Israel or Iran. This attack is linked to the "Shai-Hulud" supply chain attack campaign initiated in September. Mistral responded by stating that investigations revealed the attack originated from a compromised developer device, and the company's infrastructure was not breached.
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads