MAL-2024-10163
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-token/MAL-2024-10163.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MAL-2024-10163
- Published
- 2024-10-16T14:51:34Z
- Modified
- 2025-12-31T02:59:16.377419Z
- Summary
- Malicious code in solana-token (PyPI)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: kam193 (7a052cb86f0a3ef5266420bcfed9256955a31ea75bfe4197c42d3a2740621ab4)
Code exfiltrates the current python code and/or IPythonshell history
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-05-solana-token
Reasons (based on the campaign):
crypto-related
impersonation
action-hidden-in-lib-usage
exfiltration-crypto
- Database specific
{ "malicious-packages-origins": [ { "modified_time": "2024-10-16T14:51:34Z", "sha256": "3af9e34e93808039c48ece4be57e9f22210574c2aab263c631d1183d1a133ed7", "versions": [ "1.0.1", "1.0.2" ], "import_time": "2024-10-24T00:57:09.025730911Z", "source": "reversing-labs", "id": "RLMA-2024-09288" }, { "modified_time": "2025-05-22T12:33:47Z", "sha256": "e4d185e5fe7c22ac5e80ff0c3d3cc2598f02497cfbd299cba85d686b824efe0a", "versions": [ "0.0.2", "0.0.1" ], "import_time": "2025-05-22T14:07:11.330602519Z", "source": "reversing-labs", "id": "RLUA-2025-02598" }, { "modified_time": "2025-05-16T10:41:32Z", "sha256": "fe70d9b7a3d2ff8f1bd664f171185322f1c2573e682a68f25101505db792ee5c", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "import_time": "2025-12-02T22:30:55.59642502Z", "source": "kam193", "id": "pypi/2025-05-solana-token/solana-token" }, { "modified_time": "2025-05-16T10:41:32Z", "sha256": "7a052cb86f0a3ef5266420bcfed9256955a31ea75bfe4197c42d3a2740621ab4", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "import_time": "2025-12-02T23:07:18.635434079Z", "source": "kam193", "id": "pypi/2025-05-solana-token/solana-token" }, { "modified_time": "2025-05-16T10:41:32Z", "sha256": "780ea5fb9284193b8321f0e53ac1a9945ea3098cb7b97db3ba76a4908708c357", "versions": [ "1.0.1", "1.0.2", "0.0.2", "0.0.1" ], "import_time": "2025-12-10T21:38:57.829634786Z", "source": "kam193", "id": "pypi/2025-05-solana-token/solana-token" }, { "modified_time": "2025-12-23T08:39:48Z", "sha256": "a6f4b3c1f8e11b9b0ca772e26459e9f294555125735d4c42e1270df753f8fcab", "import_time": "2025-12-24T10:07:36.754529869Z", "source": "reversing-labs", "id": "RLUA-2025-06592" }, { "modified_time": "2025-05-16T10:41:32Z", "sha256": "c181c2f22b899e2a1e80131593e4bff523002b6b987ffd2097aa876471619019", "versions": [ "0.0.1", "0.0.2", "1.0.1", "1.0.2" ], "import_time": "2025-12-30T22:39:04.179832739Z", "source": "kam193", "id": "pypi/2025-05-solana-token/solana-token" } ], "iocs": { "ips": [ "84.54.44.100", "89.110.96.251", "89.110.93.132" ], "urls": [ "http://84.54.44.100:3000/nodes/register", "http://89.110.96.251/client", "http://89.110.93.132/client" ] } }- References
- Credits
-
-
- Kamil Mańkowski (kam193)
-
- Kamil Mańkowski (kam193) - ANALYST
-
- ReversingLabs - FINDER
-
Affected packages
PyPI / solana-token
Package
- Name
- solana-token
- View open source insights on deps.dev
- Purl
- pkg:pypi/solana-token