Microsoft says it is investigating a Mistral AI PyPI package v2.4.6 compromise; researchers say it is likely part of the Mini Shai-Hulud supply chain attack
The malware reportedly refused to run on Russian-language systems but could execute a destructive payload under certain geographic conditions.
Tom's Hardware · Etiido Uko
Related Coverage
- MistralAI PyPI Package Compromised to Inject Malicious Code - Microsoft Warns Cyber Security News · Tushar Subhra Dutta
- mistralai v2.4.6 PyPI Backdoor: The AI Development Tool That Steals Credentials and Wipes Disks Lyrie Research
- Postmortem: TanStack npm supply-chain compromise TanStack
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages BleepingComputer · Bill Toulas
- Shai-Hulud compromises the @tanstack ecosystem: 160+ packages compromised Endor Labs · Peyton Kennedy
- Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack Aikido Security's Blog · Raphael Silva
- Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps VentureBeat · Louis Columbus
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages The Hacker News
- Mistral AI SDK, TanStack Router hit in npm software supply chain attack CSO · John E. Dunn
- Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages SafeDep's Blog · Apollo-Core
- Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised wiz.io
- TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack Snyk · Stephen Thoemmes
- Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages Step Security Blog · Ashish Kurmi
- TanStack, Mistral AI, UiPath Hit In Fresh Supply Chain Attack SecurityWeek · Ionut Arghire
- New ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packages CyberInsider · Bill Mann
- Mini Shai-Hulud Hits TanStack npm Packages Infosecurity · Alessandro Mascellino
- SAP npm Supply Chain Compromise: TeamPCP Targets Enterprise CAP Development with Memory-Scraping Infostealer Lyrie Research
- Several npm latest releases are compromised · Issue #7383 · TanStack/router GitHub · Ashishkurmi
- If you use Tanstack the packages all got compromised in npm with credential stealing malware. https://socket.dev/... @GossiTheDog@cyberplace.social · Kevin Beaumont
- Postmortem: TanStack NPM supply-chain compromise Hacker News
- Postmortem: TanStack npm supply-chain compromise Lobsters
Discussion
-
@msftsecintel
@msftsecintel
on x
Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/ transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. […
-
@fr0gger_
Thomas Roccia
on x
Attackers are taking advantage of AI, not only by leveraging models but also by exploiting the whole adjacent ecosystem around them!
-
@cyb3rops
Florian Roth
on x
the official OpenSearch client for Node.js has also been compromised
-
@karankendre
Karan
on x
“Babe wake up” We got another supply chain attack [video]
-
@sasurobert
Robert Sasu
on x
how will we teach AI all the attack vectors, all the npm chain attacks and everything ? In general, all the models we use are trained in some data maximum up to the release date and that is what is baked into the parameters. Like in default cases the AI will choose to run with
-
@fentasyl
@fentasyl
on x
ok but you gotta give it to them, that's a pretty funny feature [image]
-
@jasonsaayman
@jasonsaayman
on x
Please everyone use Socket Firewall and set your package managers minimum release age. All node package managers as far as I found support this; set it to 7 days. This would mitigate most of your risks
-
@cgtwts
@cgtwts
on x
Dude. [image]
-
@uubzu
@uubzu
on x
“The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo fenced destructive branch that has 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.” [image]
-
@ethicalhack3r
Ryan Dewhurst
on x
1.3M weekly downloads 😬
-
@hackinglz
Justin Elze
on x
I was promised AI powered malware and instead I got AI packages with malware
-
@peach2k2
@peach2k2
on x
>russian roulette if you're iranian or israeli istg next day i'm gonna hear about a ransomware forcing you to play touhou to decrypt your files [image]
-
@hiteshdotcom
Hitesh Choudhary
on x
For people who think that only JS ecosystem is compromised 🤯
-
@kotsoft
Grant Kot
on x
having fun with my mini shai-huluds [video]
-
r/technology
on reddit
Compromised Mistral and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in ‘mini Shai Hulud’ malware infection …
-
@vxunderground
@vxunderground
on x
Good news everyone Shai-Hulud, that spoopy Git worm thingy everyone's been yapping about, has been open-sourced. What does this mean? TeamPCP, or someone else, has released the fully weaponized worm for you. https://github.com/...
-
@sigkitten
@sigkitten
on x
tf do we even do now? shut down all package repos? the next time it comes back it'll be thousands of packages
-
@thdxr
Dax
on x
everyone's ideas for fixing the npm security issue shows how basically no one is capable of thinking at the scale of this problem
-
@socketsecurity
@socketsecurity
on x
🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading. Newly confirmed compromised artifacts: @ opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads) mistralai: 2.4.6 on PyPI guardrails-ai: 0.10.1 on PyPI additional [image…
-
@adnanthekhan
Adnan Khan
on x
Not sharing the repo as we don't need more chaos - but it appears TeamPCP released an open-source version of their Shai-Hulud malware. Valuable for building detections. Treat the build code itself as backdoored unless proven otherwise. [image]
-
@_ueaj
@_ueaj
on x
It's kinda insane how persistent this one is, and from the other posts I've seen about the worm it's actually kinda cool. It's like a real virus making its way throughout the ecosystem, it has a quantifiable basic reproduction number. But also the first sub 1B open source (or
-
@lowleveltweets
@lowleveltweets
on x
nah im just not gonna run npm install anymore
-
@intcyberdigest
@intcyberdigest
on x
🚨 How the TanStack npm attack actually happened: 1. Attacker opened a normal-looking pull request (#7378) on the TanStack repo. 2. GitHub automatically ran CI tests on that PR. 3. Code inside the PR stole the workflow's GitHub Actions Cache write token during the test run. 4.
-
@aikidosecurity
@aikidosecurity
on x
Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them
-
@tan_stack
@tan_stack
on x
Our official post mortem on the security issue earlier today: https://tanstack.com/...
-
@aikidosecurity
@aikidosecurity
on x
🚨 Update: @mistralai npm packages are now confirmed compromised as part of the ongoing Mini Shai Hulud attack. Affected versions: @mistralai/mistralai 2.2.2, 2.2.3, 2.2.4; @mistralai/mistralai-azure 1.7.1, 1.7.2, 1.7.3; @mistralai/mistralai-gcp 1.7.1, 1.7.2, 1.7.3. If you use the
-
@jait_chen
@jait_chen
on x
Supply-chain attacks through GitHub Actions are becoming increasingly difficult to prevent. Attackers can now use agents to discover new attack paths and automate exploitation at a scale we haven't seen before. Huge respect to the TanStack team for reacting so quickly and
-
@tan_stack
@tan_stack
on x
SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm
-
@thecto
Adam
on x
thing is, tanstack never claimed to be a SOTA infra provider, dunked on other people, or done shady things. that's why this is okay and i'm not migrating away
-
@mitsuhiko
Armin Ronacher
on x
Published via OIDC trusted publishing btw. I hope this ends this absurd idea that OIDC is the silver bullet to supply chain issues.
-
@socketsecurity
@socketsecurity
on x
@IntCyberDigest ... Mistral AI npm packages are now confirmed compromised as part of the ongoing Mini Shai-Hulud campaign. We're tracking the expanding supply chain attack, which has already hit TanStack, UiPath, and other package namespaces.
-
@ryancarson
Ryan Carson
on x
Add a minimum package age to help protect you from attacks like this
-
@artman
Tuomas Artman
on x
Your bi-monthly reminder that you're one npm install away from getting pwned without the proper precautions.
-
@feross
@feross
on x
🚨 Active supply chain attack on @tan_stack. 84 npm packages in the @ tanstack namespace have been compromised with a credential-stealing worm. @ tanstack/react-router alone has 12M+ weekly downloads. The affected packages span react-router, solid-router, vue-router, start, and [i…
-
@socketsecurity
@socketsecurity
on x
🚨 BREAKING: 84 TanStack npm packages were compromised in an ongoing Mini Shai-Hulud supply chain attack, adding suspected CI credential-stealing malware. Socket flagged every malicious version within six minutes of publication. This is a developing story. [image]
-
@dabit3
Nader Dabit
on x
This is crazy. The hacker installed a dead-man's switch that will wipe your computer if you revoke the GitHub token they stole from you. Revoking the token is what triggers the wipe. [image]
-
@adnanthekhan
Adnan Khan
on x
This attack leveraged GitHub Actions Cache Poisoning. Payload deployed here: https://github.com/... It looks like it detonated here: https://github.com/...
-
@socketsecurity
@socketsecurity
on x
Update: Socket has found 121 more compromised npm package artifacts across 84 package names, including 64 UiPath artifacts. Combined w/ TanStack, the current known total is 205 affected npm package artifacts across enterprise automation, AI/MCP, auth, workflow, and dev tooling.
-
@tannerlinsley
Tanner Linsley
on x
Many recent TanStack Router versions from earlier today were compromised via a Mini Shai-Hulud Supply-Chain Attack. We've already unpublished affected versions and are still taking every action possible to secure our publishing pipelines. Luckily there's a lot of maintainers
-
@crutchcorn
Corbin Crutchley
on x
TanStack Router has genuinely been attacked. We're investigating as quickly as we can and are taking as many steps as we can to resolve.
-
@socketsecurity
@socketsecurity
on x
We'll publish more details as our investigation continues. Here are all the affected packages and versions: https://socket.dev/...
-
@samwho.dev
Sam Rose
on bluesky
This is an S-tier, gold standard write-up of the recent TanStack supply chain attack. — Extremely impressive how fast it was detected and mitigated, even if part of it was good luck. — tanstack.com/blog/npm-sup...
-
@mk.gg
Matt Kane
on bluesky
Good postmortem on the @tanstack.com supply-chain attack. The key part (which should be called out loudly): never run install on untrusted code inside a ‘pull_request_target’ workflow. — tanstack.com/blog/npm-sup... [image]
-
@campuscodi.risky.biz
Catalin Cimpanu
on bluesky
This thing has spread to UiPath packages.... that's a major business automation company and this thing just went nuclear just because all the sensitive places where UiPath is used [embedded post]
-
@campuscodi@mastodon.social
Catalin Cimpanu
on mastodon
TanStack has published a post-mortem of its supply chain attack — Blames hack on three vulnerabilities chained together, involving pull requests, GitHub actions, and OIDC tokens extracted from memory — https://tanstack.com/...
-
@campuscodi@mastodon.social
Catalin Cimpanu
on mastodon
This thing has spread to UiPath packages.... that's a major business automation company and this thing just went nuclear just because all the sensitive places where UiPath is used
-
r/reactjs
on reddit
Tanstack npm Packages Compromised