黑客在 Mistral AI 软件包中植入恶意代码
深潮 TechFlow 消息,5 月 13 日,据 Decrypt 报道,微软威胁情报部门披露,攻击者将恶意代码植入通过 PyPI 平台分发的 Mistral AI 软件包。该恶意代码在开发者于 Linux 系统使用时自动运行,下载名为 transformers.pyz 的恶意文件并在后台执行,文件名刻意模仿广泛使用的 Hugging Face Transformers 库以混淆视听。
微软指出,该恶意软件主要窃取开发者登录凭证和访问令牌,并会避开俄语系统,部分代码可随机删除位于以色列或伊朗的设备文件。此次攻击与 9 月启动的"Shai-Hulud"供应链攻击活动相关。Mistral 回应称,调查显示攻击源于被入侵的开发者设备,公司基础设施未被攻破。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Odaily•11m agoBIT US stocks have a 100-day AUM of more than $200 million, and you can invest in US stocks without a bank card
ChainCatcher•1h agoThe Hong Kong High Court froze the assets of Prince Group Chen Zhi and others for HK$8.938 billion
ChainCatcher•1h agoThe 21Shares Hyperliquid ETF (THYP) recorded a solid performance with a trading volume of $1.8 million on the first day, with analysts calling it solid
ChainCatcher•1h agoData: Alameda Research withdrew more than $20 million in assets from KuCoin in the past 2 hours
Odaily•2h agoDeposit 3,000 BNB to Pionex 45 minutes before the GMGN fee related address
ChainCatcher•2h agoLegend announced the closure of its operations and will cease operations on July 12
ChainCatcher•2h agoFigures: More than 1 million US merchants now accept Bitcoin payments through Square
ChainCatcher•3h agoCharles Schwab has begun rolling out crypto accounts to retail customers that support direct purchases of Bitcoin and Ethereum
ChainCatcher•3h agoData: The Pendle team deposited 600,000 PENDLE to Binance, worth $1.27 million
Odaily•3h agoBrother Maji held $40.59 million in BTC and ETH long orders, losing $2.16 million in the past week