{"id":"MAL-2026-5339","summary":"Malicious code in spl-token-py (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336)\nOn `import spl_token_py`, the package's __init__.py collects sensitive files from the installer's machine — ~/.config/solana/id.json (Solana wallet key), ~/.ssh/id_rsa and ~/.ssh/id_ed25519 (SSH private keys), ~/.aws/credentials, and .env files in the current/parent directories and /app, /root — plus environment variables matching KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA. The collected data is POSTed to api.telegram.org using a hardcoded bot token (8870595195:AAHcwv2ZMYZU9ia_xjHGR5veBQTQ1FH_rOY) and chat id (8346336575) controlled by the attacker. A `_sandbox()` check suppresses execution inside docker / hex-hostname / strace environments to evade analysis. A daemon thread additionally writes a `@reboot sleep 90 && python3 \u003cmodule\u003e` line to /tmp/.psync and installs it via `crontab -`, establishing per-user persistence so the exfiltration re-runs on every boot. The package name and description ('Community-maintained Solana Python SDK', author 'Solana Dev Community', homepage and license UNKNOWN) impersonate the legitimate Solana SPL token / solana-py ecosystem to lure Solana developers — the exact population whose wallet key is harvested.\n\n## Source: kam193 (cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43)\nDuring import, the package exfiltrates sensitive data (credentials, SSH keys, cryptowallet's data). It also establishes persistence via a cronjob.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-spl-token-py\n\n\nReasons (based on the campaign):\n\n\n - crypto-related\n\n\n - typosquatting\n\n\n - exfiltration-ssh-keys\n\n\n - exfiltration-credentials\n\n\n - exfiltration-crypto\n\n\n - exfiltration-env-variables\n\n\n - persistence\n\n\n - uses-telegram-bot\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n","modified":"2026-06-11T04:01:30.777442939Z","published":"2026-06-08T22:19:51Z","database_specific":{"malicious-packages-origins":[{"sha256":"cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43","versions":["1.0.0"],"modified_time":"2026-06-08T22:19:52.014893Z","import_time":"2026-06-08T23:01:22.271405917Z","id":"pypi/2026-06-spl-token-py/spl-token-py","source":"kam193"},{"modified_time":"2026-06-11T03:10:48Z","versions":["1.0.0"],"sha256":"e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336","import_time":"2026-06-11T03:48:52.191835352Z","id":"IN-MAL-2026-005445","source":"amazon-inspector"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/spl-token-py"},{"type":"PACKAGE","url":"https://pypi.org/project/spl-token-py/1.0.0/"}],"affected":[{"package":{"name":"spl-token-py","ecosystem":"PyPI","purl":"pkg:pypi/spl-token-py"},"versions":["1.0.0"],"database_specific":{"indicators":{"package_integrity":[{"filename":"spl_token_py-1.0.0-py3-none-any.whl","hashes":{"md5":"19b5b861094eed31ec1ddd7d95eb027f","sha256":"84d649b9740470ac15e22cb864e46170a06678880c06ca9b69633e9200833e67","blake2b_256":"0d80cf4c59c3835bdf1b7ea7c17038870504905886f0b2d592f474384cad589d"}}],"evidence_files":[{"sha256":"96f8547a8b1ef16709dab07b25ab278bd2a547fa1ca956ffff0eb19269cb0f44","tlsh":"d05195c135560829e086aa9f1c1580d4238fbf5308339ab8baddb780cfc45b89a75b9c","path":"spl-token-py/__init__.py"},{"sha256":"286901550bbca988a6c136c14584c3cc6b8686f5b0402ecbb268d61ef771b3c8","tlsh":"0ed0a78007e1c523f1c696cf15ad43d71df29611644e3cffc809354847a12e39fa6976","path":"spl_token_py-1.0.0.dist-info/METADATA"}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spl-token-py/MAL-2026-5339.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}