金色财经
金色财经|May 13, 2026 00:25
[Hackers Implant Malware in Mistral AI Software Package] According to a report by Jinse Finance on May 13, Microsoft's Threat Intelligence team disclosed that attackers had embedded malicious code into the Mistral AI software package distributed via the PyPI platform. The malicious code automatically executes when developers use it on Linux systems, downloading a malicious file named `transformers.pyz` and running it in the background. The file name is deliberately designed to mimic the widely-used Hugging Face Transformers library to mislead users. Microsoft pointed out that the malware primarily steals developers' login credentials and access tokens, while avoiding systems using the Russian language. Some parts of the code can randomly delete device files located in Israel or Iran. This attack is linked to the "Shai-Hulud" supply chain attack campaign that began in September. Mistral responded by stating that their investigation revealed the attack originated from a compromised developer device, and the company's infrastructure was not breached.
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads