MAL-2026-3608

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mistralai/MAL-2026-3608.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-3608

Published

2026-05-12T05:49:00Z

Modified

2026-05-12T07:07:23.837500Z

Summary

Malicious code in mistralai (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: google-open-source-security (5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5)

This package was compromised as part of the "Mini Shai-Hulud is back" worm by the TeamPCP threat actor.

The package will steal credentials and then propogate it to every package it has access to. The package also attempts to remain persistent.

Database specific

{
    "iocs": {
        "domains": [
            "git-tanstack.com",
            "filev2.getsession.org",
            "api.masscan.cloud",
            "seed1.getsession.org"
        ]
    },
    "malicious-packages-origins": [
        {
            "import_time": "2026-05-12T06:23:00.48559Z",
            "sha256": "5e1924464368f0c5816ee84e000cc47017f44045140feafbbc9e685d847ed5a5",
            "source": "google-open-source-security",
            "modified_time": "2026-05-12T06:19:26Z",
            "versions": [
                "0.10.1"
            ]
        }
    ]
}

References

Affected packages

PyPI / mistralai

Package

Name: mistralai; View open source insights on deps.dev
Purl: pkg:pypi/mistralai

Affected ranges

Affected versions

2.*

2.4.6

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/mistralai/MAL-2026-3608.json"