mistralai-python - isotope¹³

Incident Summary

Mistral AI Python SDK backdoored on PyPI

The mistralai Python package version 2.4.6 contained an import-time Linux backdoor in src/mistralai/client/__init__.py. The added code downloaded https://83.142.209.194/transformers.pyz with curl -k, saved it to /tmp/transformers.pyz, and executed it as a background Python process when users imported mistralai, guarded only by the MISTRAL_INIT environment variable and silently swallowing errors. JFrog later reported that the remote payload changed from TeamPCP attribution text into a Python credential stealer that harvested local, cloud, Kubernetes, Vault, password-manager, and developer-tooling secrets, exfiltrated encrypted data, and could install pgsql-monitor persistence with destructive second-stage behavior.

Date: 2026-05-12
Category: Open Source
Target Surface: Package registry
Insertion Phase: distribution
Impact: Credential theft
Cause: Compromised Account/Credentials

What Was Affected

Package mistralai-python

LanguagePython

ComponentLibrary

Artifact typesource archive

Domain typepackage host

Domain pypi.org

Repository github.com/mistralai/client-python

Compromised Versions

2.4.6

Incident Context

Motive: Credential Theft
Transitive: No
User Impact: 0
Observed Duration: 0 days

Evidence

Compromised Artifacts

pypi.org/project/mistralai/2.4.6

Indicators and Changes

Hashes

sha256:6dbaa43bf2f3c0d3cddbca74967e952da563fb974c1ef9d4ecbb2e58e41fe81b
sha256:2a314ea8be337e1ca9ec833ed13ed854d9fd38bce0a519cf288f3bec8d9e6f30
sha256:5245eb032e336b85cff0dbb3450d591826bf2ef214fd30d7eba1a763664e151b

External References

Source Data

Source record: oss/mistralai-python/meta.yaml