黑客将恶意软件植入Mistral AI软件下载包

Odaily Odaily reports that Microsoft Threat Intelligence has indicated hackers inserted malicious code into the Mistral AI software package distributed via PyPI. This code automatically executes on Linux systems, downloading a malicious file named transformers.pyz from a remote server and launching it in the background. The malware primarily functions as a credential stealer, collecting developers' login information and access tokens.

Mistral stated that, affected by the TanStack security incident, one developer device was compromised, and there are currently no indications that Mistral's infrastructure has been breached.