Cybersecurity experts have recently uncovered a malicious package on the Python Package Index (PyPI) repository, which falsely presents itself as a library from the Solana blockchain platform. Instead of offering legitimate functionality, the package is designed to steal sensitive information from victims.
Sonatype researcher Ax Sharma highlighted the issue, noting that while the official Solana Python API is named “solana-py” on GitHub, it’s listed simply as “solana“ on PyPI. This slight naming variation was exploited by a threat actor who released a “solana-py” package on PyPI.
Since its release on August 4, 2024, the malicious “solana-py” package has been downloaded 1,122 times. It has since been removed from PyPI.
A key tactic used by the attacker was to assign version numbers 0.34.3, 0.34.4, and 0.34.5 to the malicious library, closely resembling the legitimate “solana” package’s latest version of 0.34.3. This was clearly an attempt to deceive users into downloading “solana-py” instead of the genuine “solana.”
Moreover, the rogue package replicates the legitimate code but includes additional malicious code in the “init.py” script to steal Solana blockchain wallet keys.
This stolen information is then transmitted to a domain on Hugging Face Spaces (“treeprime-gen.hf[.]space“) controlled by the threat actor, demonstrating how legitimate services are being misused for malicious purposes.
The campaign represents a supply chain risk, as Sonatype’s investigation revealed that legitimate libraries like “solders” referenced “solana-py” in their PyPI documentation, potentially leading developers to unknowingly download the malicious package and thus expand the attack surface.
Sharma explained that developers using the legitimate “solders” package could be misled by the documentation and inadvertently introduce the crypto-stealing code into their applications, compromising both their secrets and those of their users.
This disclosure follows a report by Phylum identifying hundreds of thousands of spam npm packages abusing the Tea protocol, a problem first exposed in April 2024. The Tea protocol project and npm are taking steps to address the issue, though the rate of spam package removal still lags behind the rate of new publications.
Source: TheHackerNews
