Malicious npm packages typosquatting widely used libraries have been leveraged to facilitate covert Solana private key exfiltration through Gmail's SMTP servers, Security Affairs reports.Threat actor solana-web-stable-huks' "solana-transaction-toolkit" and "solana-stable-web-huks" packages — which have amassed more than 130 downloads — not only compromised Solana private keys through Nodemailer but also enabled the automated transfer of 98% of the targeted cryptocurrency wallets' assets to an attacker-controlled Solana address, according to a Socket analysis. Other Solana tool-impersonating packages have been published by the same attacker under the aliases "moonshot-wif-hwan" and "Diveinprogramming." Such findings should prompt more rigorous package verification processes and enhanced private key access controls, said Socket researchers. "Whenever possible, use dedicated or temporary environments for testing third-party scripts, isolating potentially harmful code from your primary systems. Finally, monitor network traffic for unusual outbound connections, particularly those involving SMTP services, since even otherwise benign Gmail traffic can be used to exfiltrate sensitive information," the report said.
Malware, Threat Intelligence, Data Security
Solana private key exfiltration facilitated by illicit npm packages

(Image Credit: SARINYAPINNGAM via Getty Images)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



