MAL-2026-5336
Malicious code in solana-cli-py (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: amazon-inspector (80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd)

On `import solana_cli_py`, the package's top-level `__init__.py` unconditionally invokes `_report()`, which harvests standard developer-side secret material and POSTs it to a hardcoded Telegram bot. Targeted paths include `~/.ssh/id_rsa` and `~/.ssh/id_ed25519`, `~/.aws/credentials`, the Solana wallet keypairs `~/.config/solana/id.json` and `~/.solana/id.json`, and `.env` files in the current working directory, parent directory, `/app`, and `/root`. It additionally enumerates environment variables matching KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA and ships their values out via `api.telegram.org/bot<redacted>/sendMessage` to chat id 8346336575. A background daemon thread then writes `@reboot sleep 90 && python3 <abs path to __init__.py>` into `/tmp/.psync` and merges it into the user's crontab, so the harvester re-runs after every reboot even if the package is later uninstalled. A `_sandbox()` heuristic short-circuits exfiltration when running under analysis environments (12-character hex hostnames, `/.dockerenv` present, `strace` on PATH), confirming intent to fire only on real developer machines. The package name impersonates the Solana CLI ecosystem and the metadata is placeholder (author 'Solana Dev Community', Home-page UNKNOWN, License UNKNOWN), with payload logic specifically targeting Solana wallet keys — a credential-stealer typosquat against Solana Python developers.
## Source: kam193 (d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715)

During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto-wallet data). It also establishes persistence via a cronjob.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-spl-token-py
Reasons (based on the campaign):
- crypto-related
- typosquatting
- exfiltration-ssh-keys
- exfiltration-credentials
- exfiltration-crypto
- exfiltration-env-variables
- persistence
- uses-telegram-bot
- The package contains code to detect if it is running in a sandbox environment.
Affected packages
No fixed version published yet for solana-cli-py (pip). Pin to a known-safe version or switch to an alternative.
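Because the cron entry survives `pip uninstall`, checking for the package alone is not enough. The following host-triage script is an added example, not code from the advisory, from OSV, or from either analysis source. It checks the three indicators the amazon-inspector write-up gives: the package being importable, the `/tmp/.psync` staging file, and a crontab line of the form `@reboot sleep 90 && python3 <abs path to __init__.py>`. The regex generalizes slightly by accepting any sleep delay. The sample crontab text, the site-packages path in it, and the function names are constructed for the example.

```python
"""Host triage for the solana-cli-py indicators described in MAL-2026-5336.

Constructed example; not code from the advisory or either analysis source.
Indicators taken from the advisory text:
  * package `solana_cli_py` importable
  * staging file /tmp/.psync
  * crontab line: @reboot sleep 90 && python3 <abs path to __init__.py>
Sample crontab contents and paths below are constructed.
"""
import importlib.util
import os
import re
import subprocess
from typing import Dict, List

# An @reboot entry that re-launches python3 on a file named __init__.py inside a
# directory named solana_cli_py. The sleep delay is matched loosely (\d+) so a
# variant with a different delay is still flagged; this is an assumption, the
# advisory only reports "sleep 90".
PERSISTENCE_RE = re.compile(
    r"^@reboot\s+sleep\s+\d+\s*&&\s*python3\s+(\S*solana_cli_py/__init__\.py)\s*$"
)

STAGING_FILE = "/tmp/.psync"  # staging path reported in the advisory


def find_persistence_entries(crontab_text: str) -> List[str]:
    """Return the __init__.py paths referenced by matching @reboot lines."""
    hits: List[str] = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and cron comments
        match = PERSISTENCE_RE.match(line)
        if match:
            hits.append(match.group(1))
    return hits


def package_present() -> bool:
    """True if solana_cli_py can be located on sys.path.

    find_spec() on a top-level module name only locates the package; it does
    not execute its __init__.py, so this check does not trigger the payload.
    """
    return importlib.util.find_spec("solana_cli_py") is not None


def read_user_crontab() -> str:
    """Return the current user's crontab text, or '' if none or no crontab binary."""
    try:
        proc = subprocess.run(
            ["crontab", "-l"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return ""
    return proc.stdout if proc.returncode == 0 else ""


def triage() -> Dict[str, object]:
    """Collect all three indicators on the running host."""
    return {
        "package_installed": package_present(),
        "staging_file_present": os.path.exists(STAGING_FILE),
        "cron_entries": find_persistence_entries(read_user_crontab()),
    }


# Constructed sample: one benign nightly job plus one entry of the reported shape.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
@reboot sleep 90 && python3 /home/dev/.venv/lib/python3.11/site-packages/solana_cli_py/__init__.py
"""

if __name__ == "__main__":
    print("sample crontab hits:", find_persistence_entries(SAMPLE_CRONTAB))
    print("live host:", triage())
```

Run it as the user whose crontab may have been modified; a non-empty `cron_entries` list or a present `/tmp/.psync` indicates the persistence step ran, and the referenced `__init__.py` path tells you which environment the package was installed into. Remove the crontab line and the staging file in addition to uninstalling the package, and rotate every secret the advisory lists as targeted.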