PyPI package targets Solana developers

May 21, 2025, 7:34 p.m.

Description

A malicious PyPI package named solana-token has been discovered targeting Solana blockchain developers. The package, downloaded over 600 times, attempts to steal source code and developer secrets from infected machines. It exhibits suspicious behaviors such as communicating with IP addresses on non-standard ports and reading from files in order to exfiltrate data to a remote server. This attack is part of a broader trend of supply chain attacks on cryptocurrency projects, with 23 such campaigns identified in 2024 alone. The package name was previously used for another malicious module, suggesting possible reuse by the same threat actors. Developers are urged to monitor for suspicious activity in open source and third-party software to prevent such supply chain attacks.

Date

  • Created: May 13, 2025, 9:01 p.m.
  • Published: May 13, 2025, 9:01 p.m.
  • Modified: May 21, 2025, 7:34 p.m.

Attack Patterns

Additional Information

  • Technology
  • Finance