MAL-2026-5336

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-cli-py/MAL-2026-5336.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5336
Published
2026-06-08T22:21:41Z
Modified
2026-06-14T23:45:54.614140397Z
Summary
Malicious code in solana-cli-py (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd)

On import solana_cli_py, the package's top-level __init__.py unconditionally invokes _report(), which harvests standard developer-side secret material and POSTs it to a hardcoded Telegram bot. Targeted paths include ~/.ssh/id_rsa and ~/.ssh/id_ed25519, ~/.aws/credentials, the Solana wallet keypairs ~/.config/solana/id.json and ~/.solana/id.json, and .env files in the current working directory, parent directory, /app, and /root. It additionally enumerates environment variables matching KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA and ships their values out via api.telegram.org/bot<redacted>/sendMessage to chat id 8346336575. A background daemon thread then writes @reboot sleep 90 && python3 <abs path to __init__.py> into /tmp/.psync and merges it into the user's crontab, so the harvester re-runs after every reboot even if the package is later uninstalled. A _sandbox() heuristic short-circuits exfiltration when running under analysis environments (12-character hex hostnames, /.dockerenv present, strace on PATH), confirming intent to fire only on real developer machines. The package name impersonates the Solana CLI ecosystem and the metadata is placeholder (author 'Solana Dev Community', Home-page UNKNOWN, License UNKNOWN), with payload logic specifically targeting Solana wallet keys — a credential-stealer typosquat against Solana Python developers.
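The persistence mechanism above (a `@reboot sleep N && python3 .../__init__.py` crontab entry staged through /tmp/.psync) is the part of this behaviour that survives a `pip uninstall`, so a host check should look at the crontab, not just the installed packages. The following detection script is an added example, not code from the advisory or from OSV; the crontab text it scans is constructed, and the use of `crontab -l` for the live check is an assumption about the host.

```python
"""Check a user crontab for the @reboot persistence shape described in MAL-2026-5336.
Added example: the regex and marker path are derived from the advisory text;
the sample crontab below is constructed, and `crontab -l` is assumed available.
"""
import re
import subprocess
from pathlib import Path

# Advisory shape: "@reboot sleep 90 && python3 <abs path to __init__.py>".
# The sleep value is left variable; the entry must end in a package __init__.py.
_PERSIST_RE = re.compile(
    r"^@reboot\s+sleep\s+\d+\s*&&\s*python3?\s+(?P<target>\S*__init__\.py)\s*$"
)
MARKER_FILE = Path("/tmp/.psync")  # staging file named in the advisory


def find_suspicious_entries(crontab_text: str) -> list[dict]:
    """Return one finding per non-comment crontab line matching the persistence pattern."""
    findings = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _PERSIST_RE.match(line)
        if m:
            target = m.group("target")
            findings.append({
                "line": lineno,
                "target": target,
                "in_site_packages": "site-packages" in target,
                "names_package": "solana_cli_py" in target,
            })
    return findings


def read_user_crontab() -> str:
    """Return the current user's crontab text, or '' if there is none or crontab is missing."""
    try:
        p = subprocess.run(["crontab", "-l"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return ""
    return p.stdout if p.returncode == 0 else ""


# Constructed sample: one benign job plus an entry in the advisory's shape.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
@reboot sleep 90 && python3 /home/dev/.venv/lib/python3.11/site-packages/solana_cli_py/__init__.py
"""

if __name__ == "__main__":
    for source, text in (("sample", SAMPLE_CRONTAB), ("live", read_user_crontab())):
        for f in find_suspicious_entries(text):
            print(f"[{source}] suspicious @reboot entry at line {f['line']}: {f['target']}")
    if MARKER_FILE.exists():
        print(f"marker file present: {MARKER_FILE}")
```

A hit on any `@reboot ... __init__.py` line is worth triage even when the path does not name this package, since the same staging technique is not package-specific.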

Source: kam193 (d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715)

During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cronjob.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spl-token-py

Reasons (based on the campaign):

  • crypto-related

  • typosquatting

  • exfiltration-ssh-keys

  • exfiltration-credentials

  • exfiltration-crypto

  • exfiltration-env-variables

  • persistence

  • uses-telegram-bot

  • The package contains code to detect if it is running in a sandbox environment.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "d1906f26c40e0ea91316c6c85ba5fea16d52a711c7a5edf3d847578cdd653715",
            "modified_time": "2026-06-08T22:21:41.216404Z",
            "source": "kam193",
            "import_time": "2026-06-08T23:01:22.262353613Z",
            "id": "pypi/2026-06-spl-token-py/solana-cli-py"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd",
            "modified_time": "2026-06-11T04:44:50Z",
            "source": "amazon-inspector",
            "import_time": "2026-06-11T05:40:57.816332999Z",
            "id": "IN-MAL-2026-005467"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "sha256": "5d07ef5740adcb537ab7c34647a0250184d417ad6398dcbaa3b54da79533461f",
            "modified_time": "2026-06-08T22:21:41.216404Z",
            "source": "kam193",
            "import_time": "2026-06-14T23:32:25.813314895Z",
            "id": "pypi/2026-06-spl-token-py/solana-cli-py"
        }
    ]
}
References
Credits

Affected packages

PyPI / solana-cli-py

Package: PyPI / solana-cli-py
Affected ranges: (not listed)
Affected versions: 1.* (1.0.0)

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "solana_cli_py-1.0.0-py3-none-any.whl",
            "hashes": {
                "sha256": "02d8128d18f8fe9e5e65da871e503d81d7e584e94e95ee5320964a6bad02c784",
                "md5": "19f6a177e58a88c2db63dc64dfcf6d59",
                "blake2b_256": "8d1d230523620d5f33ebc547a02838fd50549cf80e69265dd1858dc2e3c526a9"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "96f8547a8b1ef16709dab07b25ab278bd2a547fa1ca956ffff0eb19269cb0f44",
            "path": "solana-cli-py/__init__.py",
            "tlsh": "d05195c135560829e086aa9f1c1580d4238fbf5308339ab8baddb780cfc45b89a75b9c"
        },
        {
            "sha256": "555015238ff5eeffdbc3b1da5f7ce37bf4f55d261254dd499f3cae9464ad4279",
            "path": "solana_cli_py-1.0.0.dist-info/METADATA",
            "tlsh": "37d05e400be18423f18682cf1aae43d61df2a600644e28abcc09340843a12e2afa6976"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-cli-py/MAL-2026-5336.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]