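Hackers plant malicious code in Mistral AI software package

TechFlow news, May 13: According to Decrypt, Microsoft Threat Intelligence disclosed that attackers planted malicious code in a Mistral AI software package distributed through PyPI. The malicious code runs automatically when developers use the package on Linux systems, downloading a malicious file named transformers.pyz and executing it in the background. The file name deliberately imitates the widely used Hugging Face Transformers library to avoid suspicion.
Microsoft noted that the malware mainly steals developers' login credentials and access tokens and avoids Russian-language systems, and that part of the code can randomly delete files on devices located in Israel or Iran. The attack is linked to the "Shai-Hulud" supply chain attack campaign launched in September. Mistral responded that its investigation shows the attack originated from a compromised developer device and that the company's infrastructure was not breached.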

