-= Per source details. Do not edit below this line.=-
The code automatically scans the filesystem looking for BIP-39 seed phrases and data indicating private keys, and exfiltrates them
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-solana-wallet-sdk
Reasons (based on the campaign):
files-exfiltration
crypto-related
exfiltration-crypto
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"sha256": "84d2f533c52b85d9b3b4c27fe3863e57365308d49b7a412038b26047e6704450",
"modified_time": "2026-05-08T09:02:46.092629Z",
"source": "kam193",
"id": "pypi/2026-05-solana-wallet-sdk/tron-energy-sdk",
"import_time": "2026-05-08T09:38:39.066980968Z"
}
],
"iocs": {
"ips": [
"46.225.21.180"
],
"urls": [
"http://46.225.21.180:3000/api/narrative-accounts"
]
}
}