-= Per source details. Do not edit below this line.=-
On import of spl_token_py, the package's __init__.py collects sensitive files from the installer's machine — ~/.config/solana/id.json (Solana wallet key), ~/.ssh/id_rsa and ~/.ssh/id_ed25519 (SSH private keys), ~/.aws/credentials, and .env files in the current and parent directories and in /app and /root — plus environment variables whose names match KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA. The collected data is POSTed to api.telegram.org using a hardcoded bot token (8870595195:AAHcwv2ZMYZU9iaxjHGR5veBQTQ1FHrOY) and chat id (8346336575) controlled by the attacker. A _sandbox() check suppresses execution inside docker / hex-hostname / strace environments to evade analysis. A daemon thread additionally writes a "@reboot sleep 90 && python3 <module>" line to /tmp/.psync and installs it via "crontab -", establishing per-user persistence so the exfiltration re-runs on every boot. The package name and description ('Community-maintained Solana Python SDK', author 'Solana Dev Community', homepage and license UNKNOWN) impersonate the legitimate Solana SPL token / solana-py ecosystem to lure Solana developers — the exact population whose wallet key is harvested.
During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cron job.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-spl-token-py
Reasons (based on the campaign):
crypto-related
typosquatting
exfiltration-ssh-keys
exfiltration-credentials
exfiltration-crypto
exfiltration-env-variables
persistence
uses-telegram-bot
The package contains code to detect if it is running in a sandbox environment.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.0"
],
"import_time": "2026-06-08T23:01:22.271405917Z",
"modified_time": "2026-06-08T22:19:52.014893Z",
"id": "pypi/2026-06-spl-token-py/spl-token-py",
"sha256": "cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43",
"source": "kam193"
},
{
"versions": [
"1.0.0"
],
"import_time": "2026-06-11T03:48:52.191835352Z",
"modified_time": "2026-06-11T03:10:48Z",
"id": "IN-MAL-2026-005445",
"sha256": "e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336",
"source": "amazon-inspector"
},
{
"versions": [
"1.0.0"
],
"import_time": "2026-06-14T23:32:25.823675863Z",
"modified_time": "2026-06-08T22:19:52.014893Z",
"id": "pypi/2026-06-spl-token-py/spl-token-py",
"sha256": "dcc081729cd2cf8436874d0cd93a9aaa80f049811f1e6210da3a6f2c31c7f0e7",
"source": "kam193"
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spl-token-py/MAL-2026-5339.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code",
"cweId": "CWE-506"
}
]
{
"package_integrity": [
{
"filename": "spl_token_py-1.0.0-py3-none-any.whl",
"hashes": {
"md5": "19b5b861094eed31ec1ddd7d95eb027f",
"blake2b_256": "0d80cf4c59c3835bdf1b7ea7c17038870504905886f0b2d592f474384cad589d",
"sha256": "84d649b9740470ac15e22cb864e46170a06678880c06ca9b69633e9200833e67"
}
}
],
"evidence_files": [
{
"path": "spl-token-py/__init__.py",
"sha256": "96f8547a8b1ef16709dab07b25ab278bd2a547fa1ca956ffff0eb19269cb0f44",
"tlsh": "d05195c135560829e086aa9f1c1580d4238fbf5308339ab8baddb780cfc45b89a75b9c"
},
{
"path": "spl_token_py-1.0.0.dist-info/METADATA",
"sha256": "286901550bbca988a6c136c14584c3cc6b8686f5b0402ecbb268d61ef771b3c8",
"tlsh": "0ed0a78007e1c523f1c696cf15ad43d71df29611644e3cffc809354847a12e39fa6976"
}
]
}