Malicious code in solana-web3 (PyPI)
MAL-2026-5337
Description
Source: amazon-inspector (4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2)
On import, solana-web3/__init__.py executes a credential-stealer payload. After a sandbox-evasion gate (it checks for a 12-hex-character Docker hostname, for /.dockerenv, and for the presence of strace, and skips execution in such analysis environments), _collect() reads installer-side secrets: ~/.ssh/id_rsa, ~/.ssh/id_ed25519, ~/.aws/credentials, Solana keypairs at ~/.config/solana/id.json and ~/.solana/id.json, .env files in the current and parent directories as well as /app/.env and /root/.env, and bulk-scrapes os.environ for any variable name containing KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA. The harvested data is POSTed to a Telegram bot endpoint under https://api.telegram.org/bot. _persist() then writes @reboot sleep 90 && python3 <__file__> into /tmp/.psync and merges it into the user's crontab, so the stealer re-runs on every reboot even after the package is uninstalled. The package name impersonates the well-known @solana/web3.js Solana SDK and advertises itself as a 'Community-maintained Solana Python SDK', but ships no SDK functionality, only the stealer. METADATA lists UNKNOWN homepage/license and a generic 'Solana Dev Community' author.
Source: kam193 (91c09b86579a07d271d3bcd57adf5b5b161e49e36c3bd7af09c50dd8127aa54f)
During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cronjob.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-spl-token-py
Reasons (based on the campaign):
crypto-related
typosquatting
exfiltration-ssh-keys
exfiltration-credentials
exfiltration-crypto
exfiltration-env-variables
persistence
uses-telegram-bot
The package contains code to detect if it is running in a sandbox environment.
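The following Python helpers are an added example, not code from the advisory or from either reporting source. They turn the indicators named above (the /tmp/.psync cron entry, the @reboot re-launch line, the Telegram Bot API endpoint, the harvested secret paths, the os.environ keyword list and the sandbox checks) into two defensive checks: one over a user's crontab text, one static triage pass over a package's source. The sample crontab and sample source below are constructed for the example; the crontab subprocess call is the only part that touches the host.

```python
"""Detection helpers for the persistence and exfiltration behaviour described
in MAL-2026-5337 (solana-web3 on PyPI). Added example, not advisory code."""
import re
import subprocess
from typing import Dict, List

# Indicators taken from the advisory text.
PSYNC_PATH = "/tmp/.psync"
CRON_REBOOT_RE = re.compile(r"^@reboot\s+sleep\s+\d+\s*&&\s*python3?\s+\S+")
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot")
ENV_SCRAPE_KEYWORDS = ("KEY", "SECRET", "MNEMONIC", "PRIVATE", "TOKEN",
                       "PASSWORD", "AWS", "NPM", "GITHUB", "SOLANA")
SECRET_PATHS = ("~/.ssh/id_rsa", "~/.ssh/id_ed25519", "~/.aws/credentials",
                "~/.config/solana/id.json", "~/.solana/id.json",
                "/app/.env", "/root/.env")
SANDBOX_CHECKS = ("/.dockerenv", "strace")


def find_cron_persistence(crontab_text: str) -> List[str]:
    """Return crontab lines that match the @reboot re-launch pattern or
    reference /tmp/.psync. Comments and blank lines are ignored."""
    hits = []
    for line in crontab_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if CRON_REBOOT_RE.match(stripped) or PSYNC_PATH in stripped:
            hits.append(stripped)
    return hits


def scan_package_source(source: str) -> Dict[str, List[str]]:
    """Static triage: which of the advisory's indicators appear in a package's
    source text. Each key maps to the concrete indicators that matched."""
    findings: Dict[str, List[str]] = {
        "telegram_bot_api": [], "secret_paths": [], "env_scrape_keywords": [],
        "sandbox_checks": [], "cron_persistence": [],
    }
    if TELEGRAM_BOT_RE.search(source):
        findings["telegram_bot_api"].append("api.telegram.org/bot")
    findings["secret_paths"] = [p for p in SECRET_PATHS if p in source]
    # Keyword hits only count as environment scraping if os.environ is used too;
    # the keywords on their own are common in legitimate code.
    if "os.environ" in source:
        findings["env_scrape_keywords"] = [
            k for k in ENV_SCRAPE_KEYWORDS
            if f'"{k}"' in source or f"'{k}'" in source
        ]
    findings["sandbox_checks"] = [c for c in SANDBOX_CHECKS if c in source]
    if PSYNC_PATH in source:
        findings["cron_persistence"].append(PSYNC_PATH)
    elif "@reboot" in source:
        findings["cron_persistence"].append("@reboot")
    return findings


def risk_score(findings: Dict[str, List[str]]) -> int:
    """Number of distinct indicator families present (0-5)."""
    return sum(1 for hits in findings.values() if hits)


def check_local_crontab() -> List[str]:
    """Read the current user's crontab, if any, and flag suspicious lines."""
    try:
        proc = subprocess.run(["crontab", "-l"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:  # no cron on this host
        return []
    return find_cron_persistence(proc.stdout)


# Constructed sample inputs; not copied from the malicious package.
SAMPLE_CRONTAB = """# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
@reboot sleep 90 && python3 /home/dev/.venv/lib/python3.11/site-packages/solana_web3/__init__.py
"""

SAMPLE_SOURCE = '''import os
if os.path.exists("/.dockerenv"):
    raise SystemExit
paths = ["~/.ssh/id_rsa", "~/.config/solana/id.json"]
wanted = ("KEY", "SECRET", "MNEMONIC")
loot = {k: v for k, v in os.environ.items() if any(w in k for w in wanted)}
url = "https://api.telegram.org/bot" + TOKEN + "/sendMessage"
open("/tmp/.psync", "w").write("@reboot sleep 90 && python3 " + __file__)
'''

if __name__ == "__main__":
    print(find_cron_persistence(SAMPLE_CRONTAB))
    sample_findings = scan_package_source(SAMPLE_SOURCE)
    print(sample_findings, risk_score(sample_findings))
    print(check_local_crontab())
```

For an installed environment, feed scan_package_source() the text of each site-packages __init__.py and treat a score of 3 or more as worth a manual look; a hit from find_cron_persistence() on a developer workstation means the persistence step already ran, so removing the package alone is not enough and the crontab entry and /tmp/.psync have to be cleaned up too.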