MAL-2026-5339

Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spl-token-py/MAL-2026-5339.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5339
Published
2026-06-08T22:19:51Z
Modified
2026-06-14T23:45:54.613392251Z
Summary
Malicious code in spl-token-py (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336)

On import spl_token_py, the package's __init__.py collects sensitive files from the installer's machine — ~/.config/solana/id.json (Solana wallet key), ~/.ssh/id_rsa and ~/.ssh/id_ed25519 (SSH private keys), ~/.aws/credentials, and .env files in the current/parent directories and /app, /root — plus environment variables matching KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA. The collected data is POSTed to api.telegram.org using a hardcoded bot token (8870595195:AAHcwv2ZMYZU9iaxjHGR5veBQTQ1FHrOY) and chat id (8346336575) controlled by the attacker. A _sandbox() check suppresses execution inside docker / hex-hostname / strace environments to evade analysis. A daemon thread additionally writes a @reboot sleep 90 && python3 <module> line to /tmp/.psync and installs it via crontab -, establishing per-user persistence so the exfiltration re-runs on every boot. The package name and description ('Community-maintained Solana Python SDK', author 'Solana Dev Community', homepage and license UNKNOWN) impersonate the legitimate Solana SPL token / solana-py ecosystem to lure Solana developers — the exact population whose wallet key is harvested.

Source: kam193 (cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43)

During import, the package exfiltrates sensitive data (credentials, SSH keys, crypto wallet data). It also establishes persistence via a cronjob.
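A host triage script built from the indicators in the amazon-inspector description above, as an added example (not code from the OSV record, kam193 or Amazon Inspector): it matches the @reboot persistence line in crontab text, checks for /tmp/.psync, and flags site-packages modules that carry the Telegram endpoint, a bot-token-shaped literal, or the harvested credential paths. The bot-token length bounds and the crontab line format are assumptions.

```python
"""Triage a host for the spl-token-py indicators (added example, not the OSV
record's or any scanner's code): @reboot cron persistence, the /tmp/.psync
dropper, and static exfiltration indicators in installed packages."""
import re
import site
import subprocess
from pathlib import Path

# Persistence line shape from the advisory: "@reboot sleep 90 && python3 <module>".
REBOOT_RE = re.compile(r"^\s*@reboot\s+sleep\s+\d+\s*&&\s*python3\s+(\S+)")
# Telegram bot tokens look like "<digits>:<alnum/_/->"; the length bounds are an assumption.
BOT_TOKEN_RE = re.compile(r"\d{8,12}:[A-Za-z0-9_-]{30,}\b")
EXFIL_HOST = "api.telegram.org"
CREDENTIAL_PATHS = (".config/solana/id.json", ".ssh/id_rsa", ".ssh/id_ed25519",
                    ".aws/credentials")
PSYNC = Path("/tmp/.psync")

def suspicious_cron_lines(crontab_text: str) -> list[str]:
    """Return crontab lines matching the delayed-python3 @reboot persistence pattern."""
    return [ln.strip() for ln in crontab_text.splitlines() if REBOOT_RE.match(ln)]

def source_indicators(source: str) -> set[str]:
    """Static indicators found in one module's source text."""
    found = set()
    if EXFIL_HOST in source:
        found.add("telegram-endpoint")
    if BOT_TOKEN_RE.search(source):
        found.add("bot-token-literal")
    if any(p in source for p in CREDENTIAL_PATHS):
        found.add("credential-paths")
    if "_sandbox" in source:  # the advisory names the evasion helper _sandbox()
        found.add("sandbox-check")
    return found

def triage(site_packages: Path, crontab_text=None) -> dict:
    """Run all three checks; crontab_text=None reads `crontab -l` for the current user."""
    if crontab_text is None:
        crontab_text = subprocess.run(["crontab", "-l"], capture_output=True,
                                      text=True).stdout
    hits = {}
    for init in site_packages.glob("*/__init__.py"):
        found = source_indicators(init.read_text(errors="ignore"))
        if found or init.parent.name == "spl_token_py":
            hits[init.parent.name] = sorted(found)
    return {"cron": suspicious_cron_lines(crontab_text),
            "psync_present": PSYNC.exists(), "packages": hits}

if __name__ == "__main__":
    print(triage(Path(site.getsitepackages()[0])))
```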


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-spl-token-py

Reasons (based on the campaign):

  • crypto-related

  • typosquatting

  • exfiltration-ssh-keys

  • exfiltration-credentials

  • exfiltration-crypto

  • exfiltration-env-variables

  • persistence

  • uses-telegram-bot

  • The package contains code to detect if it is running in a sandbox environment.

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.0"
            ],
            "import_time": "2026-06-08T23:01:22.271405917Z",
            "modified_time": "2026-06-08T22:19:52.014893Z",
            "id": "pypi/2026-06-spl-token-py/spl-token-py",
            "sha256": "cda7dee5497d0dc5e9e79265b9ae729b0b821c66baa883f3abe723423614cb43",
            "source": "kam193"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "import_time": "2026-06-11T03:48:52.191835352Z",
            "modified_time": "2026-06-11T03:10:48Z",
            "id": "IN-MAL-2026-005445",
            "sha256": "e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.0.0"
            ],
            "import_time": "2026-06-14T23:32:25.823675863Z",
            "modified_time": "2026-06-08T22:19:52.014893Z",
            "id": "pypi/2026-06-spl-token-py/spl-token-py",
            "sha256": "dcc081729cd2cf8436874d0cd93a9aaa80f049811f1e6210da3a6f2c31c7f0e7",
            "source": "kam193"
        }
    ]
}
References
Credits

Affected packages

PyPI / spl-token-py

Package: PyPI / spl-token-py

Affected ranges: 1.*

Affected versions: 1.0.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/spl-token-py/MAL-2026-5339.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "spl_token_py-1.0.0-py3-none-any.whl",
            "hashes": {
                "md5": "19b5b861094eed31ec1ddd7d95eb027f",
                "blake2b_256": "0d80cf4c59c3835bdf1b7ea7c17038870504905886f0b2d592f474384cad589d",
                "sha256": "84d649b9740470ac15e22cb864e46170a06678880c06ca9b69633e9200833e67"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "spl-token-py/__init__.py",
            "sha256": "96f8547a8b1ef16709dab07b25ab278bd2a547fa1ca956ffff0eb19269cb0f44",
            "tlsh": "d05195c135560829e086aa9f1c1580d4238fbf5308339ab8baddb780cfc45b89a75b9c"
        },
        {
            "path": "spl_token_py-1.0.0.dist-info/METADATA",
            "sha256": "286901550bbca988a6c136c14584c3cc6b8686f5b0402ecbb268d61ef771b3c8",
            "tlsh": "0ed0a78007e1c523f1c696cf15ad43d71df29611644e3cffc809354847a12e39fa6976"
        }
    ]
}