Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

May 13, 2025Ravie LakshmananSupply Chain Attack / Blockchain

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.

The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first published to PyPI in early April 2024, albeit with an entirely different version numbering scheme.

“When installed, the malicious package attempts to exfiltrate source code and developer secrets from the developer’s machine to a hard-coded IP address,” ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News.

In particular, the package is designed to copy and exfiltrate the source code contained in all the files in the Python execution stack under the guise of a blockchain function named “register_node().”

This unusual behavior suggests that the attackers are looking to exfiltrate sensitive crypto-related secrets that may be hard-coded in the early stages of writing a program incorporating the malicious function in question.

It’s believed that developers looking to create their own blockchains were the likely targets of the threat actors behind the package. This assessment is based on the package name and the functions built into it.

The exact method by which the package may have been distributed to users is currently not known, although it’s likely to have been promoted on developer-focused platforms.

If anything, the discovery underscores the fact that cryptocurrency continues to be one of the most popular targets for supply chain threat actors, necessitating that developers take steps to scrutinize every package before using it.

“Development teams need to aggressively monitor for suspicious activity or unexplained changes within both open source and commercial, third-party software modules,” Zanki said. “By stopping malicious code before it is allowed to penetrate secure development environments, teams can prevent the kind of destructive supply chain attacks.”

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!