CRITICAL PyPI Malware

Malicious code in solana-cli-py (PyPI)

MAL-2026-5336


Description

Source: amazon-inspector (80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd)

On import of solana_cli_py, the package's top-level __init__.py unconditionally invokes _report(), which harvests standard developer-side secret material and POSTs it to a hardcoded Telegram bot. Targeted paths include ~/.ssh/id_rsa and ~/.ssh/id_ed25519, ~/.aws/credentials, the Solana wallet keypairs ~/.config/solana/id.json and ~/.solana/id.json, and .env files in the current working directory, its parent directory, /app, and /root. It additionally enumerates environment variables whose names match KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA and ships their values out via api.telegram.org/bot<redacted>/sendMessage to chat id 8346336575.

A background daemon thread then writes @reboot sleep 90 && python3 <abs path to __init__.py> into /tmp/.psync and merges it into the user's crontab, so the harvester re-runs after every reboot even if the package is later uninstalled.

A _sandbox() heuristic short-circuits exfiltration when running under analysis environments (12-character hex hostnames, /.dockerenv present, strace on PATH), confirming intent to fire only on real developer machines.

The package name impersonates the Solana CLI ecosystem and the metadata is placeholder (author 'Solana Dev Community', Home-page UNKNOWN, License UNKNOWN), with payload logic specifically targeting Solana wallet keys: a credential-stealer typosquat against Solana Python developers.

Source: kam193 (d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715)

During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cronjob.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spl-token-py

Reasons (based on the campaign):

  • crypto-related

  • typosquatting

  • exfiltration-ssh-keys

  • exfiltration-credentials

  • exfiltration-crypto

  • exfiltration-env-variables

  • persistence

  • uses-telegram-bot

  • The package contains code to detect if it is running in a sandbox environment.
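As an added triage example (not code from the advisory or from the package), the following script checks a host for the two artifacts the reports above describe: an @reboot crontab entry that runs a site-packages __init__.py directly, and package source containing the Telegram, cron-persistence, sandbox-check and wallet-path strings. The sample crontab and sample source are constructed for the demonstration; the paths in them are made up.

```python
import re
import subprocess

# Constructed sample crontab: one benign job plus a line shaped like the
# @reboot entry the advisory describes (the install path is made up).
SAMPLE_CRONTAB = """\
0 3 * * * /usr/local/bin/backup.sh
@reboot sleep 90 && python3 /home/dev/.venv/lib/python3.11/site-packages/solana_cli_py/__init__.py
"""

# Constructed sample of a package __init__.py holding the kinds of strings the
# advisory reports; illustrative text only, not the real package's code.
SAMPLE_INIT = """\
URL = "https://api.telegram.org/bot<redacted>/sendMessage"
CRON_FILE = "/tmp/.psync"
def _sandbox():
    return os.path.exists("/.dockerenv") or shutil.which("strace")
"""

# A reboot job that executes an installed package's __init__.py directly is
# not something a legitimate package leaves in a user's crontab.
CRON_RE = re.compile(
    r"^@reboot\b.*\bpython3?\b.*(?:site-packages|dist-packages)/\S*__init__\.py"
)

# Source-level indicator groups taken from the advisory's description.
INIT_INDICATORS = {
    "telegram-bot-api": re.compile(r"api\.telegram\.org/bot"),
    "cron-persistence": re.compile(r"@reboot|\bcrontab\b|/tmp/\.psync"),
    "sandbox-check": re.compile(r"/\.dockerenv|\bstrace\b"),
    "wallet-paths": re.compile(r"\.config/solana/id\.json|\.solana/id\.json"),
}

def suspicious_cron_lines(crontab_text):
    """Return crontab lines matching the reboot-persistence pattern."""
    return [ln for ln in crontab_text.splitlines() if CRON_RE.search(ln.strip())]

def scan_init_source(source):
    """Return the sorted names of indicator groups present in package source."""
    return sorted(n for n, rx in INIT_INDICATORS.items() if rx.search(source))

def current_user_crontab():
    """Read the invoking user's crontab; empty string if none or unavailable."""
    try:
        out = subprocess.run(["crontab", "-l"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""
    return out.stdout if out.returncode == 0 else ""

if __name__ == "__main__":
    print("sample crontab hits:", suspicious_cron_lines(SAMPLE_CRONTAB))
    print("sample source hits:", scan_init_source(SAMPLE_INIT))
    print("live crontab hits:", suspicious_cron_lines(current_user_crontab()))
```

Point scan_init_source at the __init__.py of any suspect package in site-packages; a crontab hit alone is enough to treat the host's SSH, AWS and wallet credentials as compromised and rotate them.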
