Malicious Packages Target Solana Users for Data Theft
/ 1 min read
🔑 Malicious npm and PyPI packages threaten Solana users with data theft. Cybersecurity researchers from Socket have identified several malicious packages in the npm and Python Package Index (PyPI) repositories designed to steal sensitive data and delete files from infected systems. Notably, packages like solana-transaction-toolkit
and solana-stable-web-huks
can intercept Solana private keys and drain wallets by transferring funds to attacker-controlled addresses. These packages exploit Gmail’s SMTP servers to evade detection. Additionally, counterfeit packages incorporate a “kill switch” to wipe project files, while others target Python developers by capturing Discord authentication tokens. This incident highlights a broader trend of supply chain attacks aimed at developers seeking legitimate tools.
