Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

https://firewall.firm.in/wp-content/uploads/2024/08/python.jpg

Aug 11, 2024Ravie LakshmananSupply Chain / Software Security

Rogue PyPI Library

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims’ secrets.

“The legitimate Solana Python API project is known as ‘solana-py’ on GitHub, but simply ‘solana’ on the Python software registry, PyPI,” Sonatype researcher Ax Sharma said in a report published last week. “This slight naming discrepancy has been leveraged by a threat actor who published a ‘solana-py’ project on PyPI.”

The malicious “solana-py” package attracted a total of 1,122 downloads since it was published on August 4, 2024. It’s no longer available for download from PyPI.

Cybersecurity

The most striking aspect of the library is that it carried the version numbers 0.34.3, 0.34.4, and 0.34.5. The latest version of the legitimate “solana” package is 0.34.3. This clearly indicates an attempt on the part of the threat actor to trick users looking for “solana” into inadvertently downloading “solana-py” instead.

What’s more, the rogue package borrows the real code from its counterpart, but injects additional code in the “__init__.py” script that’s responsible for harvesting Solana blockchain wallet keys from the system.

This information is then exfiltrated to a Hugging Face Spaces domain operated by the threat actor (“treeprime-gen.hf[.]space”), once again underscoring how threat actors are abusing legitimate services for malicious purposes.

The attack campaign poses a supply chain risk in that Sonatype’s investigation found that legitimate libraries like “solders” make references to “solana-py” in their PyPI documentation, leading to a scenario where developers could have mistakenly downloaded “solana-py” from PyPI and broadened the attack surface.

“In other words, if a developer using the legitimate ‘solders’ PyPI package in their application is mislead (by solders’ documentation) to fall for the typosquatted ‘solana-py’ project, they’d inadvertently introduce a crypto stealer into their application,” Sharma explained.

Cybersecurity

“This would not only steal their secrets, but those of any user running the developer’s application.”

The disclosure comes as Phylum said it identified hundreds of thousands of spam npm packages on the registry containing markers of Tea protocol abuse, a campaign that first came to light in April 2024.

“The Tea protocol project is taking steps to remediate this problem,” the supply chain security firm said. “It would be unfair to legitimate participants in the Tea protocol to have their remuneration reduced because others are scamming the system. Also, npm has begun to take down some of these spammers, but the takedown rate does not match the new publication rate.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket