MAL-2026-5337

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-web3/MAL-2026-5337.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5337
Published
2026-06-08T22:20:57Z
Modified
2026-06-14T23:45:54.661571424Z
Summary
Malicious code in solana-web3 (PyPI)
Details


Source: amazon-inspector (4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2)

On import, solana-web3/__init__.py executes a credential-stealer payload. A sandbox-evasion gate runs first: the code skips execution when the hostname is a 12-hex-character Docker-style container ID, when /.dockerenv exists, or when strace is present, so analysis environments see nothing.

_collect() then reads installer-side secrets: ~/.ssh/id_rsa, ~/.ssh/id_ed25519, ~/.aws/credentials, Solana keypairs at ~/.config/solana/id.json and ~/.solana/id.json, .env files in the current and parent directories as well as /app/.env and /root/.env, and it bulk-scrapes os.environ for any variable whose name contains KEY, SECRET, MNEMONIC, PRIVATE, TOKEN, PASSWORD, AWS, NPM, GITHUB or SOLANA. The harvested data is POSTed to https://api.telegram.org/bot<redacted>/sendMessage using a hardcoded bot token and chat_id 8346336575.

_persist() writes @reboot sleep 90 && python3 <__file__> into /tmp/.psync and merges it into the user's crontab, so the stealer re-runs on every reboot; the crontab entry survives uninstallation of the package.

The package name impersonates the well-known @solana/web3.js Solana SDK and advertises itself as a 'Community-maintained Solana Python SDK', but ships no SDK functionality, only the stealer. METADATA lists UNKNOWN homepage/license and a generic 'Solana Dev Community' author.
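The following triage script is an added example, not code from the advisory, from OSV, or from the solana-web3 package. It turns the behaviours described above into three checks a responder can run against a cached artifact and a host: match a wheel's digests against the package_integrity indicators on this page, scan the wheel's Python sources for the Telegram exfil, env-var keyword scrape, Docker/strace gate and @reboot persistence, and flag crontab entries of the shape _persist() installs. The KNOWN_BAD_WHEEL digests are copied from this page; the IOC regexes are the editor's approximations of the described behaviour, not signatures taken from the real file; the wheel and crontab it scans are constructed stand-ins built inline.

```python
"""Triage helpers for the advisory above (added example; not code from the
advisory, OSV, or the solana-web3 package). The wheel and crontab used here
are constructed stand-ins; only the KNOWN_BAD_WHEEL digests come from the
page's indicators.package_integrity block."""
import hashlib
import io
import re
import zipfile

# Digests published in the advisory for solana_web3-1.0.0-py3-none-any.whl.
KNOWN_BAD_WHEEL = {
    "md5": "c748c9d14818de8d113240be30308243",
    "sha256": "be1967702b04983c56fc16a1ce4bfda510fcbdb1c735a00e26812e8a7567f438",
    "blake2b_256": "df978f51564bedd20c64e7df3323151e20b42b74641920d558461cd1763e4ce6",
}

# Behaviours the advisory attributes to solana-web3/__init__.py, encoded as
# regexes over Python source. Editor's approximations, not signatures
# extracted from the real file.
IOC_PATTERNS = {
    "telegram-bot-exfil": re.compile(r"api\.telegram\.org/bot"),
    "docker-sandbox-gate": re.compile(r"/\.dockerenv|\bstrace\b"),
    "env-keyword-scrape": re.compile(
        r"os\.environ.*(KEY|SECRET|MNEMONIC|PRIVATE|TOKEN|PASSWORD|AWS|NPM|GITHUB|SOLANA)"),
    "ssh-key-read": re.compile(r"\.ssh/id_(rsa|ed25519)"),
    "solana-keypair-read": re.compile(r"(\.config/solana|\.solana)/id\.json"),
    "cron-reboot-persistence": re.compile(r"@reboot.*python3"),
}


def wheel_digests(data: bytes) -> dict:
    """md5 / sha256 / blake2b_256 of a wheel, the three digests PyPI publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "blake2b_256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_wheel_hash(data: bytes, known_bad: dict = KNOWN_BAD_WHEEL) -> bool:
    """True when any digest matches: the cached artifact is the known-bad build."""
    got = wheel_digests(data)
    return any(got[alg] == digest for alg, digest in known_bad.items())


def scan_wheel_for_iocs(data: bytes) -> dict:
    """Map each .py member of a wheel to the sorted IOC labels it triggers."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".py"):
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            labels = sorted(lbl for lbl, rx in IOC_PATTERNS.items() if rx.search(text))
            if labels:
                hits[name] = labels
    return hits


def find_reboot_persistence(crontab_text: str) -> list:
    """Return (line, script_path) for @reboot entries that hand a file to python3,
    the shape of the entry the advisory says _persist() merges into the crontab."""
    rx = re.compile(r"^@reboot\s+.*python3\s+(\S+)", re.M)
    return [(m.group(0), m.group(1)) for m in rx.finditer(crontab_text)]


# Constructed stand-in for the package's __init__.py: indicator strings only,
# no behaviour. It exists so the scanner has something realistic to hit.
CONSTRUCTED_INIT = """\
SANDBOX_MARKERS = ["/.dockerenv", "strace"]
SECRET_PATHS = ["~/.ssh/id_rsa", "~/.ssh/id_ed25519", "~/.config/solana/id.json"]
ENV_PICK = [k for k in os.environ if "KEY" in k or "TOKEN" in k]
EXFIL_URL = "https://api.telegram.org/bot<redacted>/sendMessage"
CRON_LINE = "@reboot sleep 90 && python3 " + __file__
"""

# Constructed crontab: one benign job plus an entry of the advisory's shape.
CONSTRUCTED_CRONTAB = """\
0 3 * * * /usr/local/bin/backup.sh
@reboot sleep 90 && python3 /home/dev/.venv/lib/python3.11/site-packages/solana-web3/__init__.py
"""


def build_constructed_wheel() -> bytes:
    """Zip the constructed module under the advisory's evidence_files paths."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("solana-web3/__init__.py", CONSTRUCTED_INIT)
        zf.writestr("solana_web3-1.0.0.dist-info/METADATA", "Name: solana-web3\nVersion: 1.0.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    wheel = build_constructed_wheel()
    print("matches known-bad digests:", verify_wheel_hash(wheel))  # False: constructed
    print("IOC hits:", scan_wheel_for_iocs(wheel))
    print("persistence:", find_reboot_persistence(CONSTRUCTED_CRONTAB))
```

Against a real pip cache or artifact proxy, feed the wheel bytes to verify_wheel_hash() first; a digest match is conclusive, while the IOC scan is a heuristic for variants rebuilt under other names in the same campaign. On a host, run find_reboot_persistence() over `crontab -l` output for every user and also check whether /tmp/.psync exists, since the advisory names that file as the staging location for the cron line.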

Source: kam193 (91c09b86579a07d271d3bcd57adf5b5b161e49e36c3bd7af09c50dd8127aa54f)

During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cron job.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spl-token-py

Reasons (based on the campaign):

  • crypto-related

  • typosquatting

  • exfiltration-ssh-keys

  • exfiltration-credentials

  • exfiltration-crypto

  • exfiltration-env-variables

  • persistence

  • uses-telegram-bot

  • The package contains code to detect if it is running in a sandbox environment.

Database specific
{
    "malicious-packages-origins": [
        {
            "import_time": "2026-06-08T23:01:22.27085005Z",
            "source": "kam193",
            "modified_time": "2026-06-08T22:20:58.147035Z",
            "id": "pypi/2026-06-spl-token-py/solana-web3",
            "versions": [
                "1.0.0"
            ],
            "sha256": "91c09b86579a07d271d3bcd57adf5b5b161e49e36c3bd7af09c50dd8127aa54f"
        },
        {
            "import_time": "2026-06-11T03:48:48.560668715Z",
            "source": "amazon-inspector",
            "modified_time": "2026-06-11T02:57:43Z",
            "id": "IN-MAL-2026-005416",
            "versions": [
                "1.0.0"
            ],
            "sha256": "4967ebad2d1f4f5802ef50f1d399c05c4dfab94a208079695570b15ffef0fdd2"
        },
        {
            "import_time": "2026-06-14T23:32:25.822816757Z",
            "source": "kam193",
            "sha256": "d413be5ab63f611c2afc6583df30b5167044189a3c1c9248cc9c3910a77bb974",
            "id": "pypi/2026-06-spl-token-py/solana-web3",
            "versions": [
                "1.0.0"
            ],
            "modified_time": "2026-06-08T22:20:58.147035Z"
        }
    ]
}
References
Credits

Affected packages

Package: PyPI / solana-web3
Affected versions: 1.0.0 (the page groups it under 1.*; no separate range is given)

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-web3/MAL-2026-5337.json"
cwes
[
    {
        "cweId": "CWE-506",
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "solana_web3-1.0.0-py3-none-any.whl",
            "hashes": {
                "md5": "c748c9d14818de8d113240be30308243",
                "sha256": "be1967702b04983c56fc16a1ce4bfda510fcbdb1c735a00e26812e8a7567f438",
                "blake2b_256": "df978f51564bedd20c64e7df3323151e20b42b74641920d558461cd1763e4ce6"
            }
        }
    ],
    "evidence_files": [
        {
            "tlsh": "d05195c135560829e086aa9f1c1580d4238fbf5308339ab8baddb780cfc45b89a75b9c",
            "path": "solana-web3/__init__.py",
            "sha256": "96f8547a8b1ef16709dab07b25ab278bd2a547fa1ca956ffff0eb19269cb0f44"
        },
        {
            "tlsh": "ecd05e400ba18523f18682cf1aad43d61de29600644e28ab8c09340883a22e26fa6976",
            "path": "solana_web3-1.0.0.dist-info/METADATA",
            "sha256": "e059d3d2453f08a23fee2c54412d31c66fe2e0c460e57e147a8f0bcae0172534"
        }
    ]
}