Rogue PyPI Library Targets Solana Users, Steals Blockchain Wallet Keys

Cybersecurity researchers have uncovered a new malicious package on the Python Package Index (PyPI) repository that pretends to be a library from the Solana blockchain platform but is actually designed to steal sensitive information from users.

“The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, while on the Python software registry, PyPI, it is simply called ‘solana’,” explained Sonatype researcher Ax Sharma in a report published last week. “A threat actor took advantage of this slight naming difference to publish a ‘solana-py’ project on PyPI.”

The malicious “solana-py” package was downloaded 1,122 times since its release on August 4, 2024, before it was removed from PyPI.

A notable aspect of this fake library is that it was released under the version numbers 0.34.3, 0.34.4, and 0.34.5, while the legitimate “solana” package’s latest version at the time was 0.34.3. By matching and then overtaking the real project’s version number, the rogue package looked current, or even newer, to anyone searching for “solana” and was more likely to be installed by mistake in place of the genuine “solana” package.

Additionally, the rogue package copied the code of the authentic library so that it worked as expected, but added extra code to its “__init__.py” file. Because that file runs whenever the package is imported, the added code executed on first use and was designed to harvest Solana blockchain wallet keys from the user’s system.

The stolen data was then sent to a Hugging Face Spaces endpoint controlled by the attacker (“treeprime-gen.hf[.]space”), another instance of threat actors using a legitimate, reputable service as exfiltration infrastructure so that the outbound traffic blends in.

The campaign poses a supply chain risk, as Sonatype’s investigation revealed that legitimate libraries like “solders” referenced “solana-py” in their PyPI documentation. This could lead developers to unintentionally download “solana-py” from PyPI, increasing the attack’s reach.

“In other words, if a developer using the legitimate ‘solders’ PyPI package is misled by its documentation into downloading the typosquatted ‘solana-py’ project, they would unknowingly introduce a crypto stealer into their application,” Sharma explained.

“This would not only compromise their own secrets but also those of any user running the developer’s application.”
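The two tricks described above, a look-alike distribution name that documentation can point developers at, and import-time code in “__init__.py” that talks to an outside host, are both cheap to screen for before a package ever runs. The script below is an added example written for this article; it is not Sonatype’s tooling and not code from the “solana”, “solana-py” or “solders” projects. It checks a requirements file against a table of known aliases of legitimate PyPI projects (the “solana-py” → “solana” entry comes from the report; the rest of the table is yours to fill) and statically inspects an “__init__.py” for network imports, hard-coded URLs to suspicious hosts, and calls that execute at import. The host pattern, the network-module list and the two sample “__init__.py” sources are constructed for the example.

```python
"""Added example: pre-install checks against look-alike package names and
import-time exfiltration code. Illustration only, not Sonatype's tooling and
not part of the solana / solana-py / solders projects."""
from __future__ import annotations

import ast
import re

# Look-alike or alias names mapped to the real PyPI distribution. The
# "solana-py" -> "solana" entry is from the article; extend for your own stack.
KNOWN_ALIASES = {"solana-py": "solana"}

# Hosts a library has no business contacting at import time. The hf.space
# pattern reflects the Hugging Face Spaces endpoint reported in the article;
# the list itself is an assumption, not an allow/deny list from any vendor.
SUSPICIOUS_HOSTS = (re.compile(r"(^|\.)hf\.space$", re.I),)

# Module roots that give code an outbound channel (assumed, not exhaustive).
NETWORK_MODULES = {"urllib", "requests", "socket", "http", "httpx", "aiohttp"}

URL_RE = re.compile(r"https?://([^/\s\"']+)", re.I)


def normalize(name: str) -> str:
    """PEP 503 normalisation: 'Solana_Py' and 'solana-py' are the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_requirements(text: str) -> list[tuple[str, str]]:
    """Return (requirement line, legitimate name) for each line naming a known alias."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m and normalize(m.group(0)) in KNOWN_ALIASES:
            hits.append((line, KNOWN_ALIASES[normalize(m.group(0))]))
    return hits


def audit_init_source(src: str) -> list[str]:
    """Static checks on an __init__.py: network imports anywhere in the file,
    string literals holding URLs to suspicious hosts, and module-level calls
    (which run on import). Returns human-readable findings, empty if clean."""
    tree = ast.parse(src)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES:
                    findings.append(f"network import: {alias.name}")
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in NETWORK_MODULES:
                findings.append(f"network import: {node.module}")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for host in URL_RE.findall(node.value):
                if any(p.search(host) for p in SUSPICIOUS_HOSTS):
                    findings.append(f"suspicious host: {host}")
    for stmt in tree.body:  # top-level statements execute when the package is imported
        if isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            findings.append(f"import-time call: {ast.unparse(stmt.value.func)}")
    return findings


# Constructed samples: a plausible benign __init__.py, and one shaped like the
# stealer the article describes (network import, attacker host, code run on import).
BENIGN_INIT = '''
"""solana-style package init."""
from .rpc.api import Client
__all__ = ["Client"]
__version__ = "0.34.3"
'''

SUSPICIOUS_INIT = '''
from .rpc.api import Client
import os, urllib.request

_ENDPOINT = "https://treeprime-gen.hf.space/"

def _beacon():
    urllib.request.urlopen(_ENDPOINT)   # outbound call hidden in the package init

_beacon()
'''

if __name__ == "__main__":
    # A developer who copied "solana-py" from documentation would be flagged here.
    print(check_requirements("solana-py==0.34.5\nsolders>=0.21.0\n"))
    print(audit_init_source(BENIGN_INIT))
    print(audit_init_source(SUSPICIOUS_INIT))
```

Run the requirements check in CI before `pip install`, and run the source audit against the unpacked sdist or wheel rather than after installation, since by then the import-time code has already executed. The findings are heuristics: a network import in “__init__.py” is a reason to read the file, not proof of malice.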

This disclosure comes as Phylum reported identifying hundreds of thousands of spam npm packages in the registry, showing signs of Tea protocol abuse—a campaign that first surfaced in April 2024.

“The Tea protocol project is taking measures to address this issue,” the supply chain security firm stated. “It wouldn’t be fair for legitimate participants in the Tea protocol to have their earnings reduced because of these scams. Although npm has started removing some of these spam packages, the removal rate hasn’t kept pace with the rate at which new ones are being published.”
