Full Report
Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index (PyPI) repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a typosquat of async-mute (npm) dexscreener, which masquerades as a library for accessing liquidity pool
Analysis Summary
# Tool/Technique: Malicious npm and PyPI Packages (Supply Chain Attack)
## Overview
This involves the discovery of multiple malicious packages published on the npm (Node Package Manager) and PyPI (Python Package Index) registries. These packages are designed to compromise developer environments, steal sensitive information (specifically Solana private keys), and, in some variants, recursively delete files on infected systems. The packages use **typosquatting** and **masquerading** to trick developers into installation.
## Technical Details
- Type: Malware families (Multiple distinct payloads delivered via a software supply chain compromise)
- Platform: npm (JavaScript/Node.js), PyPI (Python). Targets predominantly developers using these ecosystems.
- Capabilities:
1. Solana private key exfiltration via SMTP (Gmail).
2. Automatic draining of Solana wallets (up to 98% of contents).
3. Data deletion/wiping functionality with a remote "kill switch."
4. Exfiltration of environment variables.
5. Discord token theft and backdoor establishment (PyPI package variant).
- First Seen: Not explicitly stated, but discovered and reported by Socket.
## MITRE ATT&CK Mapping
The primary activities map to credential access, exfiltration, and impact/denial of service.
- **TA0001 - Initial Access**
- T1195 - Supply Chain Compromise
- T1195.002 - Compromise Software Supply Chain: Compromise Software Supply Chain: Compromise Software Supply Chain: Compromise Software Supply Chain: Compromise Software Supplychain
- **TA0009 - Collection**
- T1005 - Data from Local System
- T1005.001 - Data from Environment Variables
- **TA0010 - Exfiltration**
- T1048 - Exfiltration Over Alternative Protocol
- T1048.003 - Exfiltration Over Web Service (SMTP used for Gmail)
- **TA0006 - Credential Access**
- T1552 - Unsecured Credentials
- T1552.001 - Credentials in Files
- **TA0004 - Privilege Escalation** (Potentially, via backdoor establishment)
- T1542 - Pre-compromise Setup
- **TA0004 - Impact** (File destruction variant)
- T1485 - Data Destruction
## Functionality
### Core Capabilities
1. **Solana Key Theft and Wallet Draining:** Packages like `solana-transaction-toolkit` and `solana-stable-web-huks` actively search for and steal Solana private keys. They then use these credentials to programmatically empty the associated wallets, sending funds to attacker-controlled addresses (up to 98% depletion).
2. **Stealthy Exfiltration:** Stolen data is exfiltrated using Gmail's SMTP servers (`smtp.gmail.com`). This is intended to bypass network security controls (firewalls, EDR) that generally trust traffic to legitimate email services.
3. **Typosquatting and Impersonation:** Many packages used malicious naming conventions (e.g., `@async-mutex/mutex` impersonating `async-mutex`, `csbchalk-next` impersonating `chalk`) to appear legitimate to developers searching for dependencies.
### Advanced Features
1. **File Wiping "Kill Switch":** Some packages (the *chokidar* and *chalk* typosquats) contained a dual-purpose payload. They exfiltrated environment variables *AND* could recursively wipe files in project-specific directories. This wipe operation was contingent on receiving the code "202" from the attacker's server, acting as a remote trigger or "kill switch."
2. **Discord Token Theft and Backdoor:** The PyPI package `pycord-self` targeted Python developers integrating Discord APIs. It specifically captured Discord authentication tokens and established a persistent backdoor connection to an attacker-controlled server on both Windows and Linux systems.
3. **Staging via GitHub:** Threat actors created seemingly legitimate GitHub repositories (e.g., `moonshot-wif-hwan/pumpfun-bump-script-bot`) masquerading as Solana development tools (like a Raydium trading bot) which, upon execution, imported the malicious npm packages, expanding the attack surface beyond the initial repository compromise.
## Indicators of Compromise
- File Hashes: N/A (No specific hashes provided in the text)
- File Names:
- npm: `@async-mutex/mutex`, `dexscreener`, `solana-transaction-toolkit`, `solana-stable-web-huks`, `cschokidar-next`, `achokidar-next`, `achalk-next`, `csbchalk-next`, `cschalk`
- PyPI: `pycord-self`
- Registry Keys: N/A
- Network Indicators:
- Exfiltration Endpoint: `smtp.gmail.com` (Used as trusted infrastructure)
- C2/Backdoor Connection: Attacker-controlled servers (Implied, specific IPs/domains not listed)
- Behavioral Indicators:
- Packages executing code related to wallet interaction or private key handling immediately upon installation.
- Outbound network connections established using the SMTP protocol to external Gmail servers, especially from application runtime environments (like Node process).
- Recursive file system modification or deletion following external trigger.
## Associated Threat Actors
The threat actors behind `solana-transaction-toolkit` and `solana-stable-web-huks` controlled the GitHub accounts "moonshot-wif-hwan" and "Diveinprogramming," which are now inaccessible.
## Detection Methods
- Signature-based detection: Signatures could be created for the specific package names and associated file paths within the dependency tree if the package is successfully pulled.
- Behavioral detection: Monitoring for newly installed software packages (npm/PyPI) initiating suspicious external network connections, particularly SMTP traffic originating from build/development processes. Monitoring for programmatic attempts to access environment variables or private key files (e.g., seed phrases or JSON wallets).
- YARA rules: Could be developed based on known function strings or code patterns within the malicious payloads related to wallet draining or file destruction logic.
## Mitigation Strategies
- Prevention measures: Strict dependency vetting, scanning dependency trees before installation, and limiting the execution context of untrusted third-party code. Using private/internal registries where possible.
- Hardening recommendations: Implementing stricter egress filtering on development workstations to limit outbound connections to known legitimate services only, or closely monitoring unexpected SMTP usage. Enforcing Principle of Least Privilege on build systems.
## Related Tools/Techniques
- Other software supply chain attacks targeting developer ecosystems (e.g., attacks targeting Roblox developers using Skuld/Blank-Grabber stealer malware via PyPI packages).
- Typosquatting campaigns targeting libraries like `chalk` and `chokidar`.