Malicious Python Package Dupes Devs, Steals Solana Wallet Keys: A Cautionary Tale
Cybersecurity researchers have found a malicious PyPI package masquerading as a Solana library, designed to steal secrets. Named “solana-py,” it mimics the legitimate “solana” package and has been downloaded 1,122 times. This typo-squatting attack highlights the risks of supply chain vulnerabilities in software development.

Hot Take:
Looks like the Solana blockchain’s got more bugs than a summer picnic! Who knew a ‘solana-py’ could be more toxic than a python bite? This latest PyPI package drama is a reminder that even in the world of code, typos can be deadly.
Key Points:
- Malicious package “solana-py” discovered on PyPI, mimicking legitimate Solana blockchain library.
- The fake package was downloaded 1,122 times before being removed.
- It injected code to steal Solana wallet keys and exfiltrate them to a rogue domain.
- Legitimate libraries like “solders” inadvertently referenced the malicious package, increasing the attack surface.
- Similar issues have been seen with npm packages and the Tea protocol.
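
A dependency check for the lookalike-name pattern described above, as an added example that is not code from the researchers or from any package named here. It flags requirement names that are not on a team allowlist but resemble one that is, either through a decorative affix such as "-py" or a near-identical spelling. The allowlist, affix list, similarity threshold and sample requirements are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumption: the team's own list of vetted PyPI project names.
ALLOWED = {"solana", "solders", "requests"}
# Assumption: decorations commonly bolted onto a real name by lookalikes.
AFFIXES = {"py", "python", "lib", "sdk"}
THRESHOLD = 0.8  # assumed similarity cut-off for misspellings

# Constructed sample input; the version pins are placeholders.
SAMPLE = """\
solana==1.0.0
solders>=1.0
solana-py==1.0.0   # decorated lookalike
Solona
numpy
"""

def normalize(name):
    """PEP 503 normalization: case-fold and collapse runs of - _ . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Extract the project name from one requirements.txt line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment, or pip option
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None

def lookalike_of(name, allowed=ALLOWED):
    """Return the allowlisted name that `name` imitates, or None."""
    if name in allowed:
        return None
    core = "-".join(p for p in name.split("-") if p not in AFFIXES)
    for good in sorted(allowed):
        if core == good:  # e.g. solana-py, python-solana
            return good
        if SequenceMatcher(None, name, good).ratio() >= THRESHOLD:
            return good   # e.g. solona
    return None

def audit(requirements_text):
    """List (requested_name, imitated_name) pairs that need human review."""
    names = (requirement_name(l) for l in requirements_text.splitlines())
    hits = ((n, lookalike_of(n)) for n in names if n)
    return [(n, g) for n, g in hits if g]

if __name__ == "__main__":
    for name, good in audit(SAMPLE):
        print(f"REVIEW: '{name}' is not allowlisted but resembles '{good}'")
```

A hit means the name needs review before install, not that the package is malicious; names that resemble nothing on the allowlist (numpy here) pass through this check and need a separate policy.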