Microsoft is investigating a compromised Python package, mistralai v2.4.6, which impersonated the official Mistral AI library. The incident is part of a coordinated supply chain attack named Mini Shai-Hulud.
The campaign has affected over 170 packages across the npm and PyPI registries. Impacted libraries include those for TanStack and UiPath.
The malware steals developer credentials for GitHub, cloud platforms, and CI/CD pipelines. The malicious code specifically avoids execution on Russian-language systems.
A geofenced destructive function targets systems in Israel and Iran with potential file deletion. Microsoft advises all affected developers to rotate credentials immediately.