solana-cli-py @1.0.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-5336
Ecosystem: pypi
Summary:
On import of solana_cli_py, the package's top-level __init__.py unconditionally invokes _report(), which harvests standard developer-side secret material and POSTs it to a hardcoded Telegram bot. Targeted paths include ~/.ssh/id_rsa and ~/.ssh/id_ed25519, ~/.aws/credentials, the Solana wallet keypairs ~/.config/solana/id.json and ~/.solana/id.json, and .env files in the current working directory, the parent directory, /app, and /root. It additionally enumerates environment variables whose names match KEY/SECRET/MNEMONIC/PRIVATE/TOKEN/PASSWORD/AWS/NPM/GITHUB/SOLANA and ships their values out via api.telegram.org/bot<redacted>/sendMessage to chat id 8346336575. A background daemon thread then writes @reboot sleep 90 && python3 <abs path to __init__.py> into /tmp/.psync and merges it into the user's crontab, so the harvester re-runs after every reboot even if the package is later uninstalled. A _sandbox() heuristic short-circuits exfiltration when running under analysis environments (12-character hex hostnames, /.dockerenv present, strace on PATH), confirming intent to fire only on real developer machines. The package name impersonates the Solana CLI ecosystem and the metadata is placeholder text (author 'Solana Dev Community', Home-page UNKNOWN, License UNKNOWN), with payload logic specifically targeting Solana wallet keys: a credential-stealer typosquat against Solana Python developers.
Source: amazon-inspector (80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd)