Mistral AI Software Compromised in Supply Chain Attack via PyPI, Credentials Stolen
Microsoft Threat Intelligence reported on Monday that attackers inserted malicious code into a Mistral AI software package distributed via PyPI, a popular Python package repository. The malware, disguised as 'transformers.pyz' to mimic Hugging Face's Transformers library, executed automatically on Linux systems and downloaded a secondary payload that functioned as a credential stealer. It targeted developer login information and access tokens, and exhibited geo-fencing behavior: it avoided Russian-language systems and potentially deleted files on systems located in Israel or Iran.

The attack is linked to the broader 'Shai-Hulud' campaign targeting software supply chains. Mistral confirmed it was impacted by a supply-chain attack tied to the TanStack incident, noting that an automated worm compromised NPM and PyPI packages, but stated that there was no evidence of infrastructure compromise.

Experts highlighted rising risks in package repositories like NPM and PyPI, which are increasingly exploited in crypto-related attacks because blockchain apps, wallets, and trading platforms depend on packages hosted there. Organizations are advised to isolate affected systems, block associated IPs, and rotate exposed credentials.
Key facts
- Malicious code inserted into Mistral AI package on PyPI, mimicking Hugging Face Transformers library.
- Malware steals credentials and targets Linux systems, avoiding Russian-language systems.
- Attack linked to Shai-Hulud campaign targeting software supply chains since September.
- Mistral acknowledges impact but denies infrastructure compromise, citing an affected developer device.
- NPM and PyPI increasingly targeted in crypto-related supply chain attacks.
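
A defender's sweep for the file name the report gives, as an added example that is not from Microsoft, Mistral or the article: it walks directories you choose, finds files named `transformers.pyz`, and records a SHA-256 and whether each is a runnable Python zipapp (a zip archive containing `__main__.py`). The search roots and the sample tree are assumptions constructed here; the article does not say where the file was written.

```python
import hashlib
import os
import tempfile
import zipfile

SUSPECT_NAME = "transformers.pyz"  # file name reported in the article above

def inspect(path):
    """Hash one candidate and check whether it is a runnable Python zipapp."""
    with open(path, "rb") as fh:
        data = fh.read()
    zipapp = False
    if zipfile.is_zipfile(path):  # still true when a shebang line precedes the zip
        try:
            with zipfile.ZipFile(path) as zf:
                zipapp = "__main__.py" in zf.namelist()  # zipapp entry point
        except zipfile.BadZipFile:
            pass
    return {"path": path, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(), "zipapp": zipapp}

def find_suspects(roots):
    """Walk each root (assumed: site-packages, home, temp dirs) for the name."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                if name.lower() != SUSPECT_NAME:
                    continue
                try:
                    hits.append(inspect(os.path.join(dirpath, name)))
                except OSError:  # unreadable file: skip it, keep sweeping
                    continue
    return sorted(hits, key=lambda h: h["path"])

def build_constructed_tree(base):
    """Constructed, harmless sample tree used only to exercise the sweep."""
    pkg = os.path.join(base, "venv", "site-packages", "somepkg")
    os.makedirs(pkg)
    with zipfile.ZipFile(os.path.join(pkg, SUSPECT_NAME), "w") as zf:
        zf.writestr("__main__.py", "print('constructed sample')\n")
    with open(os.path.join(base, "Transformers.pyz"), "w") as fh:
        fh.write("not an archive\n")
    with open(os.path.join(pkg, "utils.py"), "w") as fh:
        fh.write("# unrelated file\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_suspects([build_constructed_tree(tmp)]):
            print(hit["zipapp"], hit["sha256"][:16], hit["path"])
```

A hit is a lead for triage, not a verdict: record the hash and path before isolating the host, then rotate any credentials that were reachable from it.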