A new malware circulating again in the PyPI library that contains a function to steal wallet keys for the Solana blockchain, and the malicious libraries dubbed “Solana-py” was a conscious effort to replicate a genuine Solana Python API project, “Solana”. The attacker had a leverage of merely the difference in the name so many users were most likely to download the intended package.
The “solana-py” library leaks the Solana wallet key and potentially other private data to an attacker’s C2 server. Thisenables the attacker to have complete control over the victim’s crypto-currency account balances. The actual malware was uploaded to PyPI on August 4, 2024, and during the time it was available, and the package gained 1,122 downloads before it was deleted.
The growth of the frequency in which this malware is being distributed emphasizes that there is need for adequate measures to be put in place in the software supply chain to counter such malwares.
This is good learning that third party libraries can come with various risks that a developer need to beware of when incorporating them in a software. This makes it mandatory for developers to check on the packages before they use them in their unique projects. Thus, it is critical to ensure library origins are legitimate and authentic alongside updating dependency frequently to counter such threats.
While using the Solana network, people will remember that they should guard their wallet keys much more carefully. Preventing access to the keys is the first step, they should be stored and hidden, passwords must be strong, two-factor authentication must be enabled. A third highly important issue is the information about the new threats and security measures or practices.
Even as the use cases for cryptocurrencies are on the rise, so is the risk that comes with the adoption of the technologies. Such incidents suggest the need for the developers, white hats, and the entire society to be more cautious and think of ways of dealing with such emerging threats.
