January 20, 2025 – Malicious npm and PyPI packages targeting Solana wallets and projects have been discovered. Wallets drained, project files wiped, and security concerns grow.
In a shocking revelation, cybersecurity researchers have uncovered a targeted attack exploiting malicious npm and PyPI packages to infiltrate Solana wallets and compromise sensitive systems. The attackers have gone a step further by incorporating “kill switch” functions to wipe project directories clean, leaving developers reeling.
The attack involves typosquatting – malicious packages disguised as legitimate libraries – such as solana-transaction-toolkit and solana-stable-web-huks. These packages, once installed, intercept private keys and exfiltrate them using Gmail’s SMTP servers, bypassing firewalls and security systems.
Victims’ wallets are drained automatically, with up to 98% of funds being transferred to attacker-controlled accounts. Kirill Boychenko, a security researcher, warns:
“Using trusted platforms like Gmail makes these attacks stealthy and effective, evading typical detection mechanisms.”
The attackers also deployed malicious GitHub repositories under aliases like “moonshot-wif-hwan,” further extending their campaign. These repositories masquerade as Solana development tools but stealthily import the infected packages.
More alarming is the inclusion of kill switches in some npm packages, such as csbchalk-next, which delete entire project directories after receiving a specific server command. PyPI packages like pycord-self are targeting Python developers, stealing Discord tokens and enabling persistent backdoors.
Socket, the supply chain security firm that discovered the attack, says:
“This is a stark reminder of the evolving threat landscape. Developers must scrutinize dependencies to avoid falling victim.”
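One way to act on that advice, as an added example that is not from Socket or the original article: audit a parsed npm lockfile for the npm package names reported above, including transitive installs, and list dependency files that mention Gmail's SMTP host. The function names, the sample lockfile and its versions are constructed for illustration.

```javascript
// npm package names reported in the article (PyPI's pycord-self is out of scope here).
const REPORTED = new Set([
  'solana-transaction-toolkit',
  'solana-stable-web-huks',
  'csbchalk-next',
]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/b"; the package
// name is whatever follows the last "node_modules/" (scoped names keep "@scope/").
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}

// Check the flat "packages" map (v2/v3) or, if absent, the nested
// "dependencies" tree (v1), so transitive installs are covered too.
function findReported(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = nameFromPath(path);
      if (name && REPORTED.has(name)) hits.push({ name, version: meta.version, via: path });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const chain = trail.concat(name);
      if (REPORTED.has(name)) hits.push({ name, version: meta.version, via: chain.join(' > ') });
      walk(meta.dependencies, chain);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Files (path -> source text) that mention Gmail's SMTP host. Legitimate
// mailers match too, so a hit is a lead for manual review, not a verdict.
function filesMentioningGmailSmtp(files) {
  return Object.entries(files)
    .filter(([, src]) => /smtp\.gmail\.com/i.test(src))
    .map(([path]) => path);
}

// Constructed sample lockfile (v3 layout); versions are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/@solana/web3.js': { version: '0.0.0' },
  'node_modules/some-helper/node_modules/csbchalk-next': { version: '0.0.0' },
} };
console.log(findReported(sampleLock));
```

In practice the lockfile object would come from `JSON.parse` of `package-lock.json`, and the file map from reading sources under `node_modules`.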