Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys (Security News, August 2024)
Cybersecurity researchers have discovered a new malicious package on the Python Package Index repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets.
"The legitimate Solana Python API project is known as 'solana-py' on GitHub, but simply 'solana' on the Python software registry, PyPI," Sonatype researcher Ax Sharma said in a report published last week.
This is a clear attempt by the threat actor to catch users who know the project by its GitHub name and install "solana-py" instead of the real PyPI package "solana". What's more, the rogue package borrows the real code from its counterpart but injects additional code into the "__init__.py" script, and that injected code is what harvests Solana blockchain wallet keys from the system.
The campaign poses a supply chain risk: Sonatype's investigation found that legitimate libraries such as "solders" reference "solana-py" in their PyPI documentation, so a developer following that documentation could install the rogue "solana-py" from PyPI and pull the stealer into their own project, broadening the attack surface.
"In other words, if a developer using the legitimate 'solders' PyPI package in their application is misled to fall for the typosquatted 'solana-py' project, they'd inadvertently introduce a crypto stealer into their application," Sharma explained.
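Two checks a practitioner would want against the pattern described above (a requirement that names the lookalike instead of the real package, and a package that copies the legitimate code but appends to `__init__.py`). This is an added example, not code from the article, from Sonatype or from the solana-py project; the lookalike watchlist, the sample requirement lines, the sample package trees and the stand-in "injected" code are all constructed for illustration and are not the real payload.

```python
"""Added example: offline checks for a lookalike PyPI package that copies a
legitimate project and injects extra code into __init__.py.

Constructed for illustration; the watchlist, sample trees and stand-in
payload below are assumptions, not the real package contents.
"""
import difflib
import hashlib
import re
import tempfile
from pathlib import Path


def normalize(name: str) -> str:
    """PEP 503 name normalisation: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Constructed watchlist: real PyPI name -> lookalike names to reject.
# Per the article, the real PyPI name of the solana-py GitHub project is
# "solana"; "solana-py" was the rogue upload.
LOOKALIKES = {
    "solana": {"solana-py"},
}


def audit_requirements(lines):
    """Return (lookalike, legit) pairs for requirement lines naming a watched lookalike."""
    hits = []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # The project name is everything before extras, a version specifier or a marker.
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not m:
            continue
        req = normalize(m.group(0))
        for legit, bad in LOOKALIKES.items():
            if req in {normalize(b) for b in bad}:
                hits.append((req, legit))
    return hits


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def diff_package_trees(reference: Path, suspect: Path):
    """Compare a suspect package directory against a trusted reference copy.

    Returns the files present only in the suspect tree and, for every file whose
    hash differs, the lines the suspect version added relative to the reference.
    """
    ref_files = {p.relative_to(reference): p for p in reference.rglob("*") if p.is_file()}
    sus_files = {p.relative_to(suspect): p for p in suspect.rglob("*") if p.is_file()}
    report = {
        "added_files": sorted(str(p) for p in sus_files.keys() - ref_files.keys()),
        "changed_files": {},
    }
    for rel in sus_files.keys() & ref_files.keys():
        if _sha256(ref_files[rel]) == _sha256(sus_files[rel]):
            continue
        ref_lines = ref_files[rel].read_text().splitlines()
        sus_lines = sus_files[rel].read_text().splitlines()
        added = [
            l[1:]
            for l in difflib.unified_diff(ref_lines, sus_lines, lineterm="", n=0)
            if l.startswith("+") and not l.startswith("+++")
        ]
        report["changed_files"][str(rel)] = added
    return report


# Constructed sample trees: a reference copy of a package and a suspect copy that
# is identical except for code appended to __init__.py. The appended code is a
# placeholder standing in for a key-harvesting routine; it is not the real payload.
REFERENCE_INIT = '"""solana client."""\nfrom .rpc import Client\n__all__ = ["Client"]\n'
INJECTED = (
    "import os, urllib.request\n"
    "# placeholder for injected key-harvesting code (assumption, not the real payload)\n"
    "def _collect():\n"
    "    return open(os.path.expanduser('~/.config/solana/id.json')).read()\n"
)


def build_sample_trees(root: Path):
    ref = root / "reference" / "solana"
    sus = root / "suspect" / "solana"
    for d in (ref, sus):
        d.mkdir(parents=True)
        (d / "__init__.py").write_text(REFERENCE_INIT)
        (d / "rpc.py").write_text("class Client:\n    pass\n")
    (sus / "__init__.py").write_text(REFERENCE_INIT + INJECTED)
    return ref, sus


def run_demo():
    """Build the constructed trees in a temp dir and return the diff report."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sus = build_sample_trees(Path(tmp))
        return diff_package_trees(ref, sus)


if __name__ == "__main__":
    print(audit_requirements(["solana-py==0.34.0", "solders>=0.21", "solana"]))
    print(run_demo())
```

In practice the reference tree would be the sdist or wheel of the known-good release (here "solana") unpacked locally, and the suspect tree the package that a build actually installed; any non-empty `changed_files["__init__.py"]` or `added_files` entry is worth a manual look before the dependency ships. The requirements audit is deliberately name-based because, as the article notes, the rogue package keeps the real code and differs only in what it injects.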
News URL: https://thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html