-= Per source details. Do not edit below this line.=-
The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-solana-wallet-sdk
Reasons (based on the campaign):
files-exfiltration
crypto-related
exfiltration-crypto
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"sha256": "1e40a039f63743a1d3c20fb312ecd2ecb1e47fe20c6787efa0a3f0f441ad5828",
"modified_time": "2026-05-08T07:26:52.495468Z",
"source": "kam193",
"id": "pypi/2026-05-solana-wallet-sdk/crypto-wallet-utils",
"import_time": "2026-05-08T08:37:58.664728332Z"
}
],
"iocs": {
"ips": [
"46.225.21.180"
],
"urls": [
"http://46.225.21.180:3000/api/narrative-accounts"
]
}
}