Malware, Supply chain, Threat Intelligence

Solana tool-spoofing PyPI tool uncovered

A malicious Python Package Index (PyPI) package named "solana-token", masquerading as a tool for the Solana blockchain platform, has been pilfering source code and secrets from Solana developers. The package was installed 761 times before being removed from PyPI, according to The Hacker News.

ReversingLabs researchers discovered that the nefarious PyPI package leverages the "register_node()" blockchain function to exfiltrate the source code of all files in the Python execution stack, which threat actors could potentially use to establish their own blockchains. Attackers may have also used developer-focused platforms to spread the solana-token package, but additional investigation is still needed.

Such findings, which indicate the escalating targeting of cryptocurrency platforms in supply chain intrusions, should prompt more aggressive tracking of suspicious open-source and third-party software module activity, said ReversingLabs researcher Karlo Zanki. "By stopping malicious code before it is allowed to penetrate secure development environments, teams can prevent the kind of destructive supply chain attacks," Zanki added.
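A pre-install static check for the behaviour described above, as an added example that is not code from ReversingLabs or from the package itself: it flags any function in a package's source that both inspects the Python call stack and calls a network library. The call lists, the helper names and the sample source are assumptions constructed for illustration.

```python
import ast
# Assumed heuristic lists for this example; not taken from the ReversingLabs report.
STACK_CALLS = {"inspect.stack", "inspect.currentframe", "sys._getframe", "traceback.extract_stack"}
EGRESS_ROOTS = {"requests", "urllib", "http", "socket", "httpx", "aiohttp"}

def dotted(node):  # 'a.b.c' for a Name/Attribute chain, '' for anything else
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else ""

def import_aliases(tree):
    """Map each locally bound import name to the module path it refers to."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases

def scan_source(source):
    """Flag functions that both walk the call stack and call a network library."""
    tree = ast.parse(source)
    aliases, findings = import_aliases(tree), []
    for fn in ast.walk(tree):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        calls = set()
        for call in ast.walk(fn):
            if isinstance(call, ast.Call) and (name := dotted(call.func)):
                head, _, rest = name.partition(".")
                calls.add(aliases.get(head, head) + ("." + rest if rest else ""))
        stack = sorted(calls & STACK_CALLS)
        egress = sorted(c for c in calls if c.split(".")[0] in EGRESS_ROOTS)
        if stack and egress:
            findings.append({"function": fn.name, "line": fn.lineno, "stack": stack, "egress": egress})
    return findings

# Constructed sample, parsed but never executed; not the real package's code.
SAMPLE = '''import inspect as i
from requests import post, get
def register_node(url):
    for f in i.stack(): post(url, data=f.filename)
def fetch_price(url): return get(url).json()'''
```

Run over an unpacked sdist or wheel before installation, a hit is a prompt for manual review rather than a verdict, since legitimate debugging and telemetry code can match the same pattern.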
