{"id":"MAL-2026-5336","summary":"Malicious code in solana-cli-py (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd)\nOn `import solana_cli_py`, the package's top-level `__init__.py` unconditionally invokes `_report()`, which harvests standard developer-side secret material and POSTs it to a hardcoded Telegram bot. Targeted paths include `~/.ssh/id_rsa` and `~/.ssh/id_ed25519`, `~/.aws/credentials`, the Solana wallet keypairs `~/.config/solana/id.json` and `~/.solana/id.json`, and `.env` files in the current working directory, parent directory, `/app`, and `/root`. It additionally enumerates environment variables matching KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA and ships their values out via `api.telegram.org/bot\u003credacted\u003e/sendMessage` to chat id 8346336575. A background daemon thread then writes `@reboot sleep 90 && python3 \u003cabs path to __init__.py\u003e` into `/tmp/.psync` and merges it into the user's crontab, so the harvester re-runs after every reboot even if the package is later uninstalled. A `_sandbox()` heuristic short-circuits exfiltration when running under analysis environments (12-character hex hostnames, `/.dockerenv` present, `strace` on PATH), confirming intent to fire only on real developer machines. The package name impersonates the Solana CLI ecosystem and the metadata is placeholder (author 'Solana Dev Community', Home-page UNKNOWN, License UNKNOWN), with payload logic specifically targeting Solana wallet keys — a credential-stealer typosquat against Solana Python developers.\n\n## Source: kam193 (d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715)\nDuring import, the package exfiltrates sensitive data (credentials, SSH keys, cryptowallet's data). It also establishes persistence via a cronjob.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-spl-token-py\n\n\nReasons (based on the campaign):\n\n\n - crypto-related\n\n\n - typosquatting\n\n\n - exfiltration-ssh-keys\n\n\n - exfiltration-credentials\n\n\n - exfiltration-crypto\n\n\n - exfiltration-env-variables\n\n\n - persistence\n\n\n - uses-telegram-bot\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n","modified":"2026-06-11T05:46:31.390785845Z","published":"2026-06-08T22:21:41Z","database_specific":{"malicious-packages-origins":[{"import_time":"2026-06-08T23:01:22.262353613Z","sha256":"d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715","modified_time":"2026-06-08T22:21:41.216404Z","source":"kam193","versions":["1.0.0"],"id":"pypi/2026-06-spl-token-py/solana-cli-py"},{"import_time":"2026-06-11T05:40:57.816332999Z","versions":["1.0.0"],"modified_time":"2026-06-11T04:44:50Z","source":"amazon-inspector","sha256":"80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd","id":"IN-MAL-2026-005467"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/solana-cli-py"},{"type":"PACKAGE","url":"https://pypi.org/project/solana-cli-py/1.0.0/"}],"affected":[{"package":{"name":"solana-cli-py","ecosystem":"PyPI","purl":"pkg:pypi/solana-cli-py"},"versions":["1.0.0"],"database_specific":{"indicators":{"evidence_files":[{"sha256":"96f8547a8b1ef16709dab07b25ab278bd2a547fa1ca956ffff0eb19269cb0f44","tlsh":"d05195c135560829e086aa9f1c1580d4238fbf5308339ab8baddb780cfc45b89a75b9c","path":"solana-cli-py/__init__.py"},{"sha256":"555015238ff5eeffdbc3b1da5f7ce37bf4f55d261254dd499f3cae9464ad4279","tlsh":"37d05e400be18423f18682cf1aae43d61df2a600644e28abcc09340843a12e2afa6976","path":"solana_cli_py-1.0.0.dist-info/METADATA"}],"package_integrity":[{"hashes":{"md5":"19f6a177e58a88c2db63dc64dfcf6d59","sha256":"02d8128d18f8fe9e5e65da871e503d81d7e584e94e95ee5320964a6bad02c784","blake2b_256":"8d1d230523620d5f33ebc547a02838fd50549cf80e69265dd1858dc2e3c526a9"},"filename":"solana_cli_py-1.0.0-py3-none-any.whl"}]},"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-cli-py/MAL-2026-5336.json","cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}