Security News > 2025 > May > Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first

News URL

https://thehackernews.com/2025/05/malicious-pypi-package-posing-as-solana.html