The use of legitimate services for malicious activities highlights a growing trend in cyber threats
Cybersecurity researchers have uncovered a new threat on the Python Package Index (PyPI): a malicious package posing as a legitimate Solana library was used to steal blockchain wallet keys. The counterfeit package, named "solana-py," imitates the legitimate Solana Python API, which is published on PyPI under the name "solana" (its GitHub repository, however, is called solana-py, which is what made the counterfeit name plausible).
The package was uploaded on August 4, 2024, and had accumulated 1,122 downloads before its removal. It carried version numbers 0.34.3, 0.34.4, and 0.34.5, chosen to confuse users seeking the authentic "solana" library, whose latest version is 0.34.3: anyone who thought they were picking up a newer release of the real library would land on the fake one. Upon installation, the counterfeit "solana-py" package harvested sensitive data from the user's system through a modified "__init__.py" script, so the code ran as soon as the package was imported. The stolen information was then transmitted to a domain hosted on Hugging Face Spaces and controlled by the attacker. Abusing a legitimate hosting service for exfiltration in this way is part of a broader trend in cyber threats. The incident also illustrates a supply chain risk: legitimate packages such as "solders" referenced "solana-py" in their PyPI documentation, increasing the likelihood that developers would inadvertently pull the malicious package into their applications, compromising not only their own secrets but potentially those of their users as well.
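The two signals in this incident are checkable before installation: a dependency name that is a real project plus a "-py" style affix (or a near-misspelling), and a pinned version that is newer than any release the real project has published. The script below is an added example written for this article, not code from Sonatype, Phylum or the solana project; it audits a requirements file against an allowlist of trusted package names and their newest known releases. The allowlist and the sample requirements file are constructed for the demo (only solana's 0.34.3 comes from the article), and the affix list and similarity threshold are assumptions you would tune for your own dependency set.

```python
"""Added example: audit a requirements file for typosquat-style dependency names.

Hypothetical helper, not from Sonatype, Phylum or the solana project. The
allowlist below is constructed for the example; only solana's 0.34.3 is the
version reported in the article.
"""
import re
from difflib import SequenceMatcher

# Constructed allowlist: normalized project name -> newest release we trust.
KNOWN_PACKAGES = {
    "solana": "0.34.3",    # newest real release, from the article
    "solders": "0.21.0",   # constructed for the example
    "requests": "2.32.3",  # constructed for the example
}

# Affixes attackers bolt onto a real name to ride on its GitHub or docs naming (assumption).
AFFIXES = ("-py", "-python", "py-", "python-")

# name, optionally followed by an == pin; extras, markers and other operators are ignored here.
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([0-9][^\s;#]*))?")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.' into '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version: str) -> tuple:
    """Compare dotted versions numerically; non-numeric parts sort lowest (enough for == pins)."""
    return tuple(int(p) if p.isdigit() else -1 for p in version.split("."))


def strip_affix(name: str):
    """Return the base name if `name` is a known affix wrapped around something, else None."""
    for affix in AFFIXES:
        if affix.startswith("-") and name.endswith(affix) and len(name) > len(affix):
            return name[: -len(affix)]
        if affix.endswith("-") and name.startswith(affix) and len(name) > len(affix):
            return name[len(affix):]
    return None


def audit_requirements(lines, known=KNOWN_PACKAGES, similarity=0.85):
    """Return (requirement_name, reason) for every line that deserves a human look."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment-only, or a pip option line
            continue
        m = REQ_RE.match(line)
        if not m:
            findings.append((line, "unparseable requirement"))
            continue
        name, pinned = m.group(1), m.group(2)
        norm = normalize(name)

        if norm in known:
            # A pin above the newest real release is how 0.34.4 / 0.34.5 lured solana users.
            if pinned and version_key(pinned) > version_key(known[norm]):
                findings.append((name, f"pinned {pinned} is newer than the newest known release {known[norm]}"))
            continue

        base = strip_affix(norm)
        if base in known:
            findings.append((name, f"looks like '{base}' with an affix; not on the allowlist"))
            continue

        near = [k for k in known if SequenceMatcher(None, norm, k).ratio() >= similarity]
        if near:
            findings.append((name, f"not on the allowlist, close to {near}"))
        else:
            findings.append((name, "not on the allowlist"))
    return findings


# Constructed requirements file for the demo; not taken from any real project.
SAMPLE_REQUIREMENTS = """
# core deps
solana==0.34.3
solders==0.21.0
solana-py==0.34.5      # named like the GitHub repo, not the PyPI project
requsts==2.32.3        # one dropped letter
""".splitlines()

if __name__ == "__main__":
    for pkg, reason in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{pkg}: {reason}")
```

Run against the constructed file, the audit flags "solana-py" as "solana" with an affix and "requsts" as a near match of "requests", while the genuine pins pass. Pinning with `--require-hashes` remains the stronger control, since it fails closed on any artifact you have not reviewed; this check is the cheap pre-filter that catches a name-level lure before a hash is ever recorded.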
In related news, Phylum reported a surge in spam npm packages tied to the Tea protocol, a problem it has been tracking since April 2024. Takedown efforts are under way, but new spam packages are still being published faster than they are removed.