Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Posted on By CWS

Might 13, 2025Ravie LakshmananSupply Chain Assault / Blockchain
Cybersecurity researchers have found a malicious bundle on the Python Bundle Index (PyPI) repository that purports to be an utility associated to the Solana blockchain, however comprises malicious performance to steal supply code and developer secrets and techniques.
The bundle, named solana-token, is not out there for obtain from PyPI, however not earlier than it was downloaded 761 instances. It was first printed to PyPI in early April 2024, albeit with a wholly completely different model numbering scheme.
“When put in, the malicious bundle makes an attempt to exfiltrate supply code and developer secrets and techniques from the developer’s machine to a hard-coded IP tackle,” ReversingLabs researcher Karlo Zanki stated in a report shared with The Hacker Information.

Particularly, the bundle is designed to repeat and exfiltrate the supply code contained in all of the information within the Python execution stack below the guise of a blockchain perform named “register_node().”
This uncommon conduct means that the attackers need to exfiltrate delicate crypto-related secrets and techniques that could be hard-coded within the early levels of writing a program incorporating the malicious perform in query.
It is believed that builders trying to create their very own blockchains have been the probably targets of the menace actors behind the bundle. This evaluation relies on the bundle identify and the capabilities constructed into it.

The precise methodology by which the bundle might have been distributed to customers is presently not recognized, though it is prone to have been promoted on developer-focused platforms.
If something, the invention underscores the truth that cryptocurrency continues to be one of the common targets for provide chain menace actors, necessitating that builders take steps to scrutinize each bundle earlier than utilizing it.
“Improvement groups have to aggressively monitor for suspicious exercise or unexplained adjustments inside each open supply and industrial, third-party software program modules,” Zanki stated. “By stopping malicious code earlier than it’s allowed to penetrate safe improvement environments, groups can stop the sort of harmful provide chain assaults.”

Discovered this text fascinating? Observe us on Twitter  and LinkedIn to learn extra unique content material we put up.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers The Hacker News
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems The Hacker News
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android The Hacker News
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version The Hacker News
Pen Testing for Compliance Only? It’s Time to Change Your Approach The Hacker News
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress The Hacker News