-= Per source details. Do not edit below this line.=-
Code pretends to be an ETH utility and exfiltrates the given seed/private key
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-solana-wallet-sdk
Reasons (based on the campaign):
files-exfiltration
crypto-related
exfiltration-crypto
{
  "iocs": {
    "urls": [
      "http://46.225.21.180:3000/api/narrative-accounts"
    ],
    "ips": [
      "46.225.21.180"
    ]
  },
  "malicious-packages-origins": [
    {
      "versions": [
        "1.0.0"
      ],
      "id": "pypi/2026-05-solana-wallet-sdk/eth-web3-utils",
      "modified_time": "2026-05-08T07:20:13.360675Z",
      "import_time": "2026-05-08T08:37:58.668102969Z",
      "sha256": "ab01b68589d4f3b1e8686ed007d522f24c8259049cb211a023ac3f3ff8f56ce4",
      "source": "kam193"
    }
  ]
}