Cybersecurity researchers have uncovered a new malicious package on the Python Package Index (PyPI) repository disguised as a library from the Solana blockchain platform, intended to steal victim’s secrets.
“The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply ‘solana‘ on the Python software registry, PyPI,” Sonatype researcher Ax Sharma stated in a report published recently. “This minor difference in naming has been exploited by a malicious actor who uploaded a ‘solana-py’ project on PyPI.”
The malicious “solana-py” package received a total of 1,122 downloads since it was released on August 4, 2024. It is no longer accessible for download from PyPI.
One notable aspect of the library is that it used version numbers 0.34.3, 0.34.4, and 0.34.5. The latest version of the genuine “solana” package is 0.34.3, indicating an attempt by the threat actor to deceive users seeking “solana” into downloading “solana-py” instead.
Furthermore, the rogue package copied real code from the legitimate version but added additional code in the “__init__.py” script to harvest Solana blockchain wallet keys from the system.
This stolen information is then sent to a Hugging Face Spaces domain operated by the threat actor (“treeprime-gen.hf[.]space”), highlighting how threat actors exploit legitimate services for malicious activities.
This attack campaign presents a supply chain risk as Sonatype’s investigation found that legitimate libraries like “solders” reference “solana-py” in their PyPI documentation, potentially leading developers to mistakenly download “solana-py” from PyPI and increase the attack surface.
“In essence, if a developer utilizing the legitimate ‘solders’ PyPI package in their application is misled (by solders’ documentation) to fall for the typosquatted ‘solana-py’ project, they would inadvertently introduce a crypto stealer into their application,” Sharma explained.
“This action would not only compromise their secrets but also those of any user using the developer’s application.”
This revelation comes as Phylum reported identifying numerous spam npm packages on the registry with indications of Tea protocol abuse, a scheme first exposed in April 2024.
“The Tea protocol project is taking measures to address this issue,” the supply chain security firm noted. “It would be unfair to legitimate participants in the Tea protocol to have their rewards reduced due to others exploiting the system. Additionally, npm has initiated actions to remove some of these spammers, but the removal rate does not match the rate of new publications.”