June 5, 2026

Russian Hackers Infect Thousands of Computers Worldwide with Credential-Stealing Malware

Reflecto News | Breaking News | Cybersecurity

SAN FRANCISCO — A Russia-linked cyber threat actor has compromised thousands of computers worldwide with a sophisticated malware campaign that steals credentials — and includes a destructive feature that, for victims in Iran or Israel, has a one-in-six chance of completely wiping the infected device, according to Microsoft’s Threat Intelligence team.

The attack was carried out through a supply‑chain compromise of the official mistralai Python package on the Python Package Index (PyPI) — a code repository widely used by developers and data scientists. Version 2.4.6 of the package was maliciously altered and uploaded, though Mistral AI confirmed that it never officially released that version.

🔓 How the Attack Works

The malicious code is triggered automatically when the package is imported on a Linux system, making infection possible during routine development and deployment workflows. The compromised package then downloads a second-stage payload from an attacker-controlled server (83.142.209.194), which is saved as /tmp/transformers.pyz — a filename deliberately chosen to resemble the widely trusted Hugging Face Transformers library and blend into machine‑learning environments.

“The secondary payload functions primarily as a credential stealer, harvesting secrets and access tokens found on the compromised system, but it also contains country‑aware logic that avoids execution in Russian-language environments and includes a geofenced destructive branch.”
Microsoft Threat Intelligence Team

After execution, the malware creates persistence artifacts on infected systems, including a pgmonitor.py file and a pgsql-monitor.service systemd unit.

💥 The Destructive ‘Dice Roll’

Once the payload identifies that the target computer is located in Iran or Israel, it initiates a randomization routine: there is a one-in-six chance (approximately 16.6 percent) that the malware executes the Unix command rm -rf /, which recursively deletes all files on the system, effectively destroying it. The command is one of the most powerful destructive commands in Linux and Unix systems, and its inclusion escalates the attack from espionage to outright sabotage.

The inclusion of a randomized destructive trigger is uncommon in state‑sponsored supply‑chain attacks, which more typically focus on persistent access, espionage, or data exfiltration. The “dice roll” mechanic suggests that the attackers intended to sow chaos and unpredictability, making it difficult for defenders to predict the scale or precise targets of the destructive phase.

The malware also actively avoids infecting systems configured to use the Russian language, suggesting the attackers sought to prevent collateral damage to Russian interests or infrastructure.

⚠️ Wider Supply‑Chain Campaign

The malicious mistralai package was not an isolated incident. The same threat actor is reported to have compromised over 170 npm packages and two PyPI packages on a single day, including the widely used TanStack (which has over 3 million weekly downloads), UiPath, OpenSearch, and Guardrails AI.

In a particularly alarming twist, the compromised TanStack packages came with valid provenance attestations, meaning that the attacker was able to produce cryptographically endorsed malicious code — essentially using the trust infrastructure designed to prevent such attacks to sign it. This suggests a level of sophistication that goes beyond typical supply‑chain compromises and raises urgent questions about the integrity of software supply‑chain trust mechanisms.

🧠 ‘Geo‑Fenced’ Destructive Logic

The “geo‑fenced” approach — targeting only Israeli and Iranian systems for the destructive payload — indicates a deliberate choice by the attackers to limit geopolitical fallout or focus the disruptive impact on specific adversaries. This targeting method is not new; other malware families have employed geographic restrictions to avoid detection or to direct their impact at intended victims.

Russia has previously been linked to destructive cyberattacks against Ukrainian infrastructure, including the 2017 NotPetya attack that caused billions of dollars in damage worldwide. The current campaign, with its credential‑stealing and randomized destructive payload, echoes that same blend of espionage and sabotage, deployed through the software supply chain — a vector that Russia’s adversaries, particularly state‑linked threat actors, have increasingly exploited.

🛡️ How to Mitigate and Respond

Microsoft has published guidance for organizations that may have been affected:

  • Isolate potentially affected Linux hosts immediately
  • Block network traffic to and from 83.142.209.194
  • Hunt for the presence of /tmp/transformers.pyz, pgmonitor.py, and pgsql-monitor.service on systems
  • Rotate exposed credentials and secrets that may have been compromised
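A shell hunt for the indicators listed above, added here as an example and not part of Microsoft's guidance or the article. It assumes pip's standard mistralai-2.4.6.dist-info directory name for the installed package; the search paths for pgmonitor.py and the systemd unit are not stated in the report, so the whole tree is searched.

```shell
#!/bin/sh
# Added example: hunts for the indicators quoted in the Microsoft guidance
# (the C2 address, /tmp/transformers.pyz, pgmonitor.py, pgsql-monitor.service
# and an installed mistralai 2.4.6). Exit status 0 = nothing found, 1 = hit(s).
# Usage:  . ./ioc_hunt.sh; ioc_hunt /; ss -tn | scan_for_c2 -

IOC_IP="83.142.209.194"

# ioc_hunt ROOT  -- ROOT is / on a live host, or the mount point of a disk image.
ioc_hunt() {
  root="${1:-/}"
  hits=0
  # The report gives the dropper path explicitly, so check it directly.
  if [ -e "$root/tmp/transformers.pyz" ]; then
    echo "HIT: $root/tmp/transformers.pyz"
    hits=$((hits + 1))
  fi
  # The report does not say where pgmonitor.py lands or which systemd directory
  # holds the unit, so search the whole tree (-xdev stays on one filesystem).
  # mistralai-2.4.6.dist-info follows pip's standard layout; that naming is an
  # assumption of this example, not something the article states.
  found=$(find "$root" -xdev \( -name 'pgmonitor.py' \
            -o -name 'pgsql-monitor.service' \
            -o \( -type d -name 'mistralai-2.4.6.dist-info' \) \) 2>/dev/null)
  if [ -n "$found" ]; then
    echo "$found" | sed 's/^/HIT: /'
    hits=$((hits + $(echo "$found" | wc -l)))
  fi
  [ "$hits" -eq 0 ]
}

# scan_for_c2 FILE  -- FILE is a saved 'ss -tn', netflow or proxy log ('-' = stdin).
# Returns 0 when the C2 address is absent, 1 when any line mentions it.
scan_for_c2() {
  if grep -F -- "$IOC_IP" "$1"; then
    return 1
  fi
  return 0
}
```

Run ioc_hunt against a mounted image of a suspect host rather than the live root where possible, and treat any hit as grounds for the isolation and credential rotation steps above.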

Security teams should also review their use of mistralai version 2.4.6, which has since been removed from PyPI. The package was available on the official Python repository for an unknown period, and any organization that downloaded it should assume their environment has been compromised.

The attack highlights the growing risks of supply‑chain compromises in the open‑source ecosystem, particularly for machine‑learning and AI development workflows, as attackers increasingly target developer‑facing tools to reach higher‑value cloud and data assets.

📋 Key Takeaways for Reflecto News Readers

  • Origin: Russia‑linked threat actor
  • Attack Vector: Supply‑chain compromise of mistralai PyPI package (version 2.4.6)
  • Payload: Credential stealer; also downloads a second‑stage dropper
  • Destructive Feature: 1‑in‑6 chance to execute rm -rf / on systems in Iran or Israel
  • Geographic Targeting: Destructive branch limited to Israel and Iran
  • No infection in Russia: Malware avoids Russian‑language environments
  • Infected Devices: Thousands of computers compromised globally
  • Secondary Targets: Credential theft from developer and cloud environments
  • Microsoft’s Advice: Hunt for IOCs, block malicious IP, isolate infected hosts

Follow Reflecto News for continuous updates on cybersecurity threats, supply‑chain attacks, and all breaking news from the world of infosec.

This article is the intellectual property of Reflecto News. Redistribution without attribution is prohibited.

Updated: May 13, 2026
