Hackers are using malicious npm packages to steal Solana wallet keys by exploiting Gmail’s SMTP service.

Cybersecurity researchers have discovered three groups of malicious packages in the npm and Python Package Index (PyPI) repositories. These packages have the ability to steal data and can even delete sensitive information from compromised systems.

The list of identified packages is below –

A supply chain security company named Socket, which identified the malicious packages, reported that the first four packages are intended to capture Solana private keys and send them via Gmail’s Simple Mail Transfer Protocol (SMTP) servers, likely aiming to empty victims’ wallets.

Specifically, the packages known as solana-transaction-toolkit and solana-stable-web-huks are designed to drain the wallet, automatically transferring as much as 98% of its funds to a Solana address controlled by the attacker, all while pretending to provide Solana-specific features.

“Since Gmail is a trusted email service, these data exfiltration attempts are less likely to be detected by firewalls or endpoint detection systems, which recognize smtp.gmail.com as legitimate traffic,” explained security researcher Kirill Boychenko.

Socket also discovered two GitHub repositories created by the threat actors behind solana-transaction-toolkit and solana-stable-web-huks. The repositories claim to offer Solana development tools or scripts for automating common DeFi tasks, but in reality they simply import the attackers' malicious npm packages.

The GitHub accounts linked to the repositories “moonshot-wif-hwan” and “Diveinprogramming” are currently inaccessible.

According to Boychenko, “A script found in the threat actor’s GitHub repository, moonshot-wif-hwan/pumpfun-bump-script-bot, is advertised as a trading bot for Raydium, a well-known DEX on Solana. However, it actually imports harmful code from the solana-stable-web-huks package.”

The presence of malicious GitHub repositories highlights the attackers’ efforts to expand their campaign beyond npm, targeting developers who may be looking for Solana-related tools on the Microsoft-owned code hosting platform.

The latest npm packages have escalated their malicious capabilities by adding a “kill switch” feature that can recursively delete all files in specific project directories, and in some instances, exfiltrate environment variables to a remote server.

The fake csbchalk-next package operates just like the typosquatted versions of chokidar, with the only distinction being that it triggers the data deletion process only after receiving the code “202” from the server.

Pycord-self specifically targets Python developers who want to integrate Discord APIs into their projects. It captures Discord authentication tokens and connects to a server controlled by attackers, allowing for persistent backdoor access after installation on both Windows and Linux systems.

This development comes as malicious actors are increasingly targeting Roblox users with fake libraries designed to steal data using open-source malware like Skuld and Blank-Grabber. Last year, Imperva reported that Roblox players searching for game cheats and mods have also fallen victim to fraudulent PyPI packages that deceive them into downloading the same harmful payloads.