
In short
- Microsoft said attackers compromised a Mistral AI package that developers download from PyPI.
- The malware stole credentials and tokens and could spread to other Linux systems.
- Mistral said it had no evidence that its own infrastructure had been compromised.
Microsoft Threat Intelligence said on Monday that attackers injected malicious code into a Mistral AI package distributed via PyPI, the popular registry developers use to install Python libraries.
In a post on X, Microsoft said the malicious code only ran when developers installed or executed the package on Linux machines. The code then downloaded a second-stage file named transformers.pyz from a remote server and executed it in the background.
“The transformers.pyz file appears to be deliberately chosen to mimic the Hugging Face Transformers library that is widely used and integrated with ML/dev,” Microsoft wrote.
The company said the malware functions as an infostealer that harvests login credentials and tokens. Microsoft also said the malware did not run on Russian-language systems and included code that could wipe files on machines that appeared to be located in Israel or Iran.
Reports link the latest attack to “Shai-Hulud”, a malware campaign that began in September and targets software supply chains by trojanizing trusted packages and stealing information from compromised systems.
“Shai-Hulud, the Git worm everyone’s been talking about, has been discovered,” cybersecurity firm VX Underground wrote on X. “What does this mean? TeamPCP, or someone else, has released a fully equipped worm for you.”
Microsoft advised organizations to isolate affected Linux systems, block the remote addresses associated with the attack, hunt for indicators of infection, and rotate any credentials that may have been exposed.
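One concrete way to carry out the “hunt for indicators of infection” step, as an added example that is not Microsoft’s or Mistral’s tooling: the only artifact named on this page is the second-stage file transformers.pyz, so the script below searches a filesystem subtree for files with that name and lists running processes whose command line references it. The legitimate Hugging Face Transformers library is installed as a normal Python package, not as a single .pyz zipapp, so a file by that name is worth inspecting. Function names and the /proc-based process check are this example’s own choices; the page gives no hashes, paths or remote addresses, so none are assumed here.

```shell
#!/usr/bin/env bash
# Hunt for the transformers.pyz second stage described in Microsoft's post.
# Added example; not part of the original article or any vendor tooling.

# find_stage2_files ROOT
#   Print every regular file named transformers.pyz under ROOT.
#   -xdev keeps the search on one filesystem so a run over / does not
#   wander into network mounts or /proc.
find_stage2_files() {
    local root="${1:-/}"
    find "$root" -xdev -type f -name 'transformers.pyz' 2>/dev/null
}

# count_stage2_files ROOT
#   Same search, but returns a count that is easy to act on in scripts.
count_stage2_files() {
    find_stage2_files "$1" | wc -l | tr -d ' '
}

# find_stage2_processes
#   Print "PID command line" for live processes whose argv mentions
#   transformers.pyz (the stage was executed in the background, so the
#   file may already be gone from disk while the process still runs).
#   Reads /proc directly, so it works on minimal Linux images without ps.
find_stage2_processes() {
    local pid cmdline
    for pid in /proc/[0-9]*; do
        pid="${pid#/proc/}"
        cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null) || continue
        case "$cmdline" in
            *transformers.pyz*) echo "$pid $cmdline" ;;
        esac
    done
}

# hunt ROOT
#   Run both checks and exit non-zero if anything was found, so the script
#   can gate an automated isolation step.
hunt() {
    local root="${1:-/}" hits=0
    echo "== files named transformers.pyz under $root =="
    if [ "$(count_stage2_files "$root")" != "0" ]; then
        find_stage2_files "$root"; hits=1
    fi
    echo "== processes referencing transformers.pyz =="
    if [ -n "$(find_stage2_processes)" ]; then
        find_stage2_processes; hits=1
    fi
    return "$hits"
}
```

Typical use is to source the file and run `hunt /home` (or `hunt /` on a suspect host) as root; a non-zero exit means something was found and the host should be isolated and its credentials rotated. A clean result is not proof of a clean host, since the stage was fetched from a remote server and any of its later actions (credential theft, file deletion) leave different traces; it only closes the one lead the public reporting provides.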
On Tuesday, Mistral said on its website that it had been affected by a security breach related to TanStack. The company said a self-replicating worm linked to that attack caused compromised versions of its NPM and PyPI packages to be published.
“The latest findings show that the affected packages were impacted,” the company wrote. “We have no indication that Mistral’s infrastructure was compromised.”
Node Package Manager, or NPM, is the world’s largest registry for JavaScript packages. It has become a major target for crypto-related cyberattacks because many blockchain applications, wallets, and trading platforms rely on software distributed through it. In September, Ledger CTO Charles Guillemet warned that hackers had compromised widely used NPM packages in an attack that could hijack crypto transactions and steal funds.
“The affected packages have already been downloaded more than 1 billion times, meaning that the entire JavaScript ecosystem could be at risk,” Guillemet wrote on X at the time.
Other recent attacks used poisoned NPM packages posing as crypto trading bots and blockchain tools, some of which fetched their malware payloads through Ethereum smart contracts.