
Topic: Malicious crypto stealing Solana library in Python Package Index (PyPI) (Read 82 times)

hero member
Activity: 630
Merit: 510
The biggest mistake is to use a cryptocurrency wallet with a device you use daily, as downloading a library that you think is safe or has been hacked or contains a software error will all open backdoors and make your device vulnerable to hacker attacks.

Always use cold storage and track your wallet by public key or MPK.
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
Thank you for sharing, OP! Supply chain attacks have become more common in the last few years and unfortunately there don't seem to be any easy solutions.

---

This shows that we really need to be more careful because scammers are getting smarter every day. I would have loved to know if this application can have access to any type of wallet I have on my PC? For instance, if I have an Electrum wallet on my PC with Bitcoin in it before accidentally downloading this PyPI package, will I lose the Bitcoin in my Electrum wallet because of this?

Not in this particular case, this package is targeting Solana wallets:

"The solders.keypair.Keypair.__init__ method is being replaced by the attacker's new_method() function, which tries to exfiltrate the self.to_bytes_array value to a rogue domain," says Fernandez.

Also the attacker's aim is not to steal the coins of whoever dev is downloading the package (though that probably would be a nice side effect), but rather the coins of whoever is using the developer's application.

In other words, if a developer using the legitimate "solders" PyPI package in their application is misled (by solders' documentation) to fall for the typosquatted "solana-py" project, they'd inadvertently introduce a crypto stealer into their application. This would not only steal their secrets, but those of any user running the developer's application.
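The `__init__` replacement quoted above leaves a trace a defender can check for at runtime. The sketch below is an added example, not part of the thread or of the cited report: `Keypair` is a constructed pure-Python stand-in (not the real solders class), `find_patched_methods` and `simulate_patch` are hypothetical helper names, and the simulated wrapper is inert.

```python
import types


def find_patched_methods(cls):
    """List (attribute, defining_qualname) for functions on cls written outside its body."""
    prefix = cls.__qualname__ + "."
    hits = []
    for name, attr in vars(cls).items():
        func = attr.__func__ if isinstance(attr, (staticmethod, classmethod)) else attr
        if not isinstance(func, types.FunctionType):
            continue
        # co_qualname (Python 3.11+) lives on the code object, so functools.wraps
        # cannot copy the original name onto it; older versions fall back to __qualname__.
        qualname = getattr(func.__code__, "co_qualname", func.__qualname__)
        foreign = func.__module__ != cls.__module__ or not qualname.startswith(prefix)
        # __wrapped__ marks a functools.wraps wrapper; on a key-handling class
        # that deserves review even when the decorator turns out to be legitimate.
        if foreign or hasattr(func, "__wrapped__"):
            hits.append((name, qualname))
    return sorted(hits)


class Keypair:
    """Constructed stand-in for a key-holding class; not the real solders code."""

    def __init__(self, secret=b"\x00" * 32):
        self._secret = secret

    def to_bytes_array(self):
        return list(self._secret)


def simulate_patch():
    """Swap __init__ the way the report describes; the wrapper here is inert."""
    original = Keypair.__init__

    def new_method(self, *args, **kwargs):  # name taken from the quoted report
        original(self, *args, **kwargs)  # stand-in body: only calls the original

    Keypair.__init__ = new_method
    return original  # lets the caller restore the class


if __name__ == "__main__":
    print("clean:  ", find_patched_methods(Keypair))
    saved = simulate_patch()
    print("patched:", find_patched_methods(Keypair))
    Keypair.__init__ = saved
```

Code already running in the process can forge these attributes, so treat a clean result as a review aid rather than proof that a dependency is safe.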
sr. member
Activity: 434
Merit: 253
Trust the process, imbibe consistency
This shows that we really need to be more careful because scammers are getting smarter every day. I would have loved to know if this application can have access to any type of wallet I have on my PC? For instance, if I have an Electrum wallet on my PC with Bitcoin in it before accidentally downloading this PyPI package, will I lose the Bitcoin in my Electrum wallet because of this?

Thanks for sharing, definitely a good one for those who use a PC to store crypto. I don't use a PC to store crypto anymore, and things have been a lot easier; no need to worry about a malicious crypto stealer on your PC when the PC is empty of crypto. A hardware wallet just solves the problem completely.
How do you store your crypto, if I may ask? Such information might be useful to a lot of people here. I know there are also hardware wallets, but those buying regularly might need something they can access easily and which will not cost them much. The only option left is mobile wallets. Could it be that you are saying that mobile wallets are safer?
sr. member
Activity: 952
Merit: 275
Thanks for sharing, definitely a good one for those who use a PC to store crypto. I don't use a PC to store crypto anymore, and things have been a lot easier; no need to worry about a malicious crypto stealer on your PC when the PC is empty of crypto. A hardware wallet just solves the problem completely.
hero member
Activity: 2842
Merit: 772
A cybersecurity group recently found a rogue package on the Python Package Index (PyPI) repository that hides under the disguise of a library, but upon closer inspection, it's a malicious package and its main goal: crypto stealer.

And it uses the old method, typo-squatting, but this time they are very clever, as they put their package at like one version up from the original to look like the real and legitimate library, and so it was downloaded 1000+ times already.



And I know that there are a lot of developers here, especially as Solana has been hot and there was a lot of hype around it, and so cyber criminals take advantage of it once again and there could have been victims already.

https://www.sonatype.com/blog/an-ideal-pypi-typosquat-solana-py-is-here-to-steal-your-crypto-keys