Microsoft Threat Intelligence has identified that hackers have embedded malicious code into Mistral AI software packages distributed through the Python Package Index (PyPI). The malware, which targets Linux systems, downloads a file named transformers.pyz from a remote server and executes it in the background. This malicious code primarily acts as a credential stealer, gathering developers' login credentials and access tokens.
Mistral has acknowledged that a developer device was compromised due to the TanStack security incident. However, the company assures that there is no evidence of any breach in Mistral's infrastructure itself.
Hackers Embed Malware in Mistral AI Software via PyPI
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.