CRITICAL PyPI Malware

Malicious code in spl-token-py (PyPI)

MAL-2026-5339

Published · Modified

Description


Source: amazon-inspector (e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336)

On `import spl_token_py`, the package's `__init__.py` collects sensitive files from the installer's machine: ~/.config/solana/id.json (Solana wallet key), ~/.ssh/id_rsa and ~/.ssh/id_ed25519 (SSH private keys), ~/.aws/credentials, and .env files in the current and parent directories and in /app and /root, plus environment variables whose names match KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA. The collected data is POSTed to api.telegram.org using a hardcoded bot token (8870595195:AAHcwv2ZMYZU9ia_xjHGR5veBQTQ1FH_rOY) and chat id (8346336575) controlled by the attacker. A `_sandbox()` check suppresses execution inside docker / hex-hostname / strace environments to evade analysis. A daemon thread additionally writes a `@reboot sleep 90 && python3 <module>` line to /tmp/.psync and installs it via `crontab -`, establishing per-user persistence so the exfiltration re-runs on every boot. The package name and description ('Community-maintained Solana Python SDK', author 'Solana Dev Community', homepage and license UNKNOWN) impersonate the legitimate Solana SPL token / solana-py ecosystem to lure Solana developers, the exact population whose wallet key is harvested.

Source: kam193 (cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43)

During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cronjob.
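The behaviours described above (credential-file reads, keyword-filtered environment harvesting, a hardcoded Telegram bot token, a sandbox check, and `@reboot` cron persistence) are concrete enough to triage mechanically. The following is an added defender-side example, not code from the advisory, from amazon-inspector, kam193, or the package itself: it scans a package's source text for the indicator strings named in the description, extracts any embedded Telegram bot token as an IoC, and audits a user crontab for the persistence pattern. The indicator names, the `/.dockerenv`/`strace` heuristic for the sandbox check, the verdict thresholds, and both sample inputs are assumptions constructed for this example; the samples contain only indicator strings, not the malicious logic.

```python
"""Indicator triage for a suspicious PyPI package plus a crontab persistence audit.

Added example (not the advisory's or any vendor's code). Indicator strings come
from the MAL-2026-5339 description; verdict thresholds and samples are assumed.
"""
import re

# Environment-variable name fragments the advisory says the stealer filters on.
KEYWORDS = ("KEY", "SECRET", "MNEMONIC", "PRIVATE", "TOKEN", "PASSWORD",
            "AWS", "NPM", "GITHUB", "SOLANA")

# Telegram bot API URLs embed the bot token as "bot<digits>:<secret>".
TELEGRAM_BOT = re.compile(r"api\.telegram\.org/bot(\d{6,}:[A-Za-z0-9_-]{20,})")


def _has(pattern):
    rx = re.compile(pattern)
    return lambda text: rx.search(text) is not None


# Each indicator is a predicate over the package source text. The compound
# ones avoid order-sensitive regexes so a stray keyword elsewhere does not
# create a false "environ ... TOKEN" match.
INDICATORS = {
    "telegram-bot-exfil": lambda t: TELEGRAM_BOT.search(t) is not None,
    "wallet-key-read": _has(r"\.config/solana/id\.json"),
    "ssh-key-read": _has(r"\.ssh/id_(?:rsa|ed25519)"),
    "aws-credentials-read": _has(r"\.aws/credentials"),
    "dotenv-read": _has(r"""['"]\.env['"]"""),
    "env-var-harvest": lambda t: "environ" in t and sum(k in t for k in KEYWORDS) >= 3,
    "cron-persistence": lambda t: "@reboot" in t and "crontab" in t,
    # Assumed concrete form of the "docker / strace" sandbox check.
    "sandbox-evasion": _has(r"/\.dockerenv|\bstrace\b"),
}


def scan_source(text):
    """Return the sorted names of all indicators present in the source text."""
    return sorted(name for name, pred in INDICATORS.items() if pred(text))


def extract_telegram_tokens(text):
    """Return embedded Telegram bot tokens, for blocking and for reporting as IoCs."""
    return TELEGRAM_BOT.findall(text)


def triage(text):
    """Assumed verdict rule: exfil channel plus any credential read is MALICIOUS."""
    hits = scan_source(text)
    if "telegram-bot-exfil" in hits and any(h.endswith("-read") for h in hits):
        return "MALICIOUS"
    if len(hits) >= 2:
        return "SUSPICIOUS"
    return "CLEAN"


def audit_crontab(crontab_text):
    """Flag @reboot entries that launch a Python interpreter or a hidden path."""
    flagged = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@reboot") and re.search(r"\bpython[0-9.]*\b|/\.\w+", line):
            flagged.append(line)
    return flagged


# Constructed stand-in: indicator strings only, no collection or exfil logic.
SAMPLE_SUSPICIOUS = '''
paths = ["~/.config/solana/id.json", "~/.ssh/id_rsa", "~/.aws/credentials", ".env"]
keywords = ("KEY", "SECRET", "MNEMONIC")
wanted = [k for k in os.environ if any(w in k for w in keywords)]
url = "https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN_00000000000000000"
cron = "@reboot sleep 90 && python3 module.py"
tool = "crontab -"
check = os.path.exists("/.dockerenv")
'''

# Constructed benign snippet: an ordinary RPC call with none of the indicators.
SAMPLE_CLEAN = '''
import requests
def get_balance(pubkey):
    return requests.get(RPC_URL, json={"method": "getBalance", "params": [pubkey]}).json()
'''

# Constructed crontab: one legitimate job and one persistence entry.
SAMPLE_CRONTAB = """# constructed sample crontab
0 3 * * * /usr/local/bin/backup.sh
@reboot sleep 90 && python3 /home/dev/.venv/lib/python3.11/site-packages/spl_token_py/__init__.py
"""

if __name__ == "__main__":
    print(scan_source(SAMPLE_SUSPICIOUS), triage(SAMPLE_SUSPICIOUS))
    print(extract_telegram_tokens(SAMPLE_SUSPICIOUS))
    print(audit_crontab(SAMPLE_CRONTAB))
```

To use it on a real install, feed `scan_source` the contents of each `.py` file under the package directory (the advisory places the payload in `__init__.py`, so import-time files deserve first attention) and feed `audit_crontab` the output of `crontab -l`. Any token returned by `extract_telegram_tokens` belongs in the incident record and on an egress block list; matching the literal token from the advisory confirms this campaign, while a different token with the same indicator set suggests a variant.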


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spl-token-py

Reasons (based on the campaign):

  • crypto-related

  • typosquatting

  • exfiltration-ssh-keys

  • exfiltration-credentials

  • exfiltration-crypto

  • exfiltration-env-variables

  • persistence

  • uses-telegram-bot

  • The package contains code to detect if it is running in a sandbox environment.
