MistralAI PyPI Package Compromised with Credential-Stealing Malware

Severity: High (Score: 74.0)

Sources: Cointribune, Letsdatascience, Gbhackers, Cybersecuritynews

Summary

On May 12, 2026, Microsoft alerted that version 2.4.6 of the mistralai package on PyPI was compromised with malicious code. This malware targets Linux systems and executes automatically upon import, downloading a secondary payload from an attacker-controlled IP. The payload is designed to steal credentials, including GitHub tokens and cloud API keys, and has a destructive feature that may delete files in specific regions. The attack is part of a larger supply chain compromise affecting over 170 npm packages and 2 PyPI packages, attributed to the hacker group TeamPCP. The malicious code was injected into the mistralai/client/__init__.py file, leading to widespread risk for developers using the library. PyPI has quarantined the Mistral AI project, and security experts recommend immediate token rotation for affected developers. The incident highlights vulnerabilities in the open-source ecosystem and the need for enhanced security measures. Key Points: • Version 2.4.6 of the mistralai package on PyPI was compromised with credential-stealing malware. • The attack is part of a larger campaign affecting over 170 npm packages and 2 PyPI packages. • Developers are advised to rotate their credentials immediately due to the malware's persistence.

Key Entities

• TeamPCP (apt_group)
• Malware (attack_type)
• Supply Chain Attack (attack_type)
• Mini Shai-Hulud (malware)
• MistralAI (company)
• Iran (country)
• Israel (country)
• CWE-94 - Code Injection (cwe)
• 83.142.209.194 (ipv4)
• T1036 - Masquerading (mitre_attack)
• T1059.006 - Python (mitre_attack)
• T1059 - Command and Scripting Interpreter (mitre_attack)
• T1105 - Ingress Tool Transfer (mitre_attack)
• T1195 - Supply Chain Compromise (mitre_attack)
• GitHub (platform)
• Linux (platform)
• PyPI (platform)
• Systemd (platform)
• Npm (tool)
• Python (tool)