MAL-2024-10163

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-token/MAL-2024-10163.json
JSON Data
https://api.test.osv.dev/v1/vulns/MAL-2024-10163
Published
2024-10-16T14:51:34Z
Modified
2025-12-12T20:48:43.971652Z
Summary
Malicious code in solana-token (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (7a052cb86f0a3ef5266420bcfed9256955a31ea75bfe4197c42d3a2740621ab4)

Code exfiltrates the current python code and/or IPythonshell history

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-05-solana-token

Reasons (based on the campaign):

  • crypto-related

  • impersonation

  • action-hidden-in-lib-usage

  • exfiltration-crypto

Database specific 
{
    "malicious-packages-origins": [
        {
            "modified_time": "2024-10-16T14:51:34Z",
            "sha256": "3af9e34e93808039c48ece4be57e9f22210574c2aab263c631d1183d1a133ed7",
            "source": "reversing-labs",
            "versions": [
                "1.0.1",
                "1.0.2"
            ],
            "import_time": "2024-10-24T00:57:09.025730911Z",
            "id": "RLMA-2024-09288"
        },
        {
            "modified_time": "2025-05-22T12:33:47Z",
            "sha256": "e4d185e5fe7c22ac5e80ff0c3d3cc2598f02497cfbd299cba85d686b824efe0a",
            "source": "reversing-labs",
            "versions": [
                "0.0.2",
                "0.0.1"
            ],
            "import_time": "2025-05-22T14:07:11.330602519Z",
            "id": "RLUA-2025-02598"
        },
        {
            "modified_time": "2025-05-16T10:41:32Z",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "sha256": "fe70d9b7a3d2ff8f1bd664f171185322f1c2573e682a68f25101505db792ee5c",
            "source": "kam193",
            "import_time": "2025-12-02T22:30:55.59642502Z",
            "id": "pypi/2025-05-solana-token/solana-token"
        },
        {
            "modified_time": "2025-05-16T10:41:32Z",
            "ranges": [
                {
                    "type": "ECOSYSTEM",
                    "events": [
                        {
                            "introduced": "0"
                        }
                    ]
                }
            ],
            "sha256": "7a052cb86f0a3ef5266420bcfed9256955a31ea75bfe4197c42d3a2740621ab4",
            "source": "kam193",
            "import_time": "2025-12-02T23:07:18.635434079Z",
            "id": "pypi/2025-05-solana-token/solana-token"
        },
        {
            "modified_time": "2025-05-16T10:41:32Z",
            "sha256": "780ea5fb9284193b8321f0e53ac1a9945ea3098cb7b97db3ba76a4908708c357",
            "source": "kam193",
            "versions": [
                "1.0.1",
                "1.0.2",
                "0.0.2",
                "0.0.1"
            ],
            "import_time": "2025-12-10T21:38:57.829634786Z",
            "id": "pypi/2025-05-solana-token/solana-token"
        }
    ],
    "iocs": {
        "ips": [
            "84.54.44.100",
            "89.110.96.251",
            "89.110.93.132"
        ],
        "urls": [
            "http://84.54.44.100:3000/nodes/register",
            "http://89.110.96.251/client",
            "http://89.110.93.132/client"
        ]
    }
}
References
Credits

Affected packages

PyPI / solana-token

Package

Name
solana-token
View open source insights on deps.dev
Purl
pkg:pypi/solana-token

Affected ranges

Affected versions

0.*

0.0.1
0.0.2

1.*

1.0.1
1.0.2

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/solana-token/MAL-2024-10163.json"