Socket has identified multiple malicious packages in npm and PyPI that target Solana private keys, potentially to drain victims' wallets, and that use Gmail's SMTP servers for exfiltration.
Because security systems often regard traffic to Gmail's SMTP servers as benign, attackers can use it to transfer private keys and funds seamlessly.
The malicious npm packages falsely advertise Solana functionality while actually intercepting sensitive information, with GitHub repos falsely purporting to be development tools for DeFi automation.
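Because the SMTP traffic itself blends in, a dependency review can look instead for the combination described above: one package that both handles wallet key material and talks to Gmail's SMTP service. The following triage heuristic is an added example, not code from Socket or from the packages; the patterns, function names and sample sources are assumptions constructed for illustration, not indicators taken from the report.

```python
import re

# Heuristic patterns (assumptions for this example, not IoCs from the report).
SMTP_PATTERNS = [
    re.compile(r"smtp\.gmail\.com", re.I),
    re.compile(r"service\s*:\s*['\"]gmail['\"]", re.I),  # nodemailer shorthand
]
KEY_PATTERNS = [
    re.compile(r"\bsecretKey\b"),        # Keypair field in @solana/web3.js
    re.compile(r"\bfromSecretKey\b"),
    re.compile(r"\bprivate[_ ]?key\b", re.I),
]

def scan_package(files):
    """files maps path -> source text. Returns (path, line number) hits per category."""
    hits = {"smtp": [], "key": []}
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if any(p.search(line) for p in SMTP_PATTERNS):
                hits["smtp"].append((path, lineno))
            if any(p.search(line) for p in KEY_PATTERNS):
                hits["key"].append((path, lineno))
    return hits

def is_suspicious(files):
    """Flag only when key handling and Gmail SMTP use co-occur in one package,
    even if they sit in different files. Either signal alone is common and benign."""
    hits = scan_package(files)
    return bool(hits["smtp"]) and bool(hits["key"])

# Constructed sample packages (inert fragments, written for this example).
SAMPLE_FLAGGED = {
    "index.js": "const kp = Keypair.fromSecretKey(bytes);\n"
                "require('./lib/report')(kp.secretKey);\n",
    "lib/report.js": "const t = nodemailer.createTransport({ host: 'smtp.gmail.com' });\n",
}
SAMPLE_MAILER_ONLY = {"mail.js": "createTransport({ service: 'gmail' })\n"}
SAMPLE_WALLET_ONLY = {"wallet.py": "private_key = load_from_keystore()\n"}

if __name__ == "__main__":
    for name, pkg in [("flagged", SAMPLE_FLAGGED),
                      ("mailer-only", SAMPLE_MAILER_ONLY),
                      ("wallet-only", SAMPLE_WALLET_ONLY)]:
        print(name, is_suspicious(pkg), scan_package(pkg))
```

A hit is a prompt for manual review of the listed lines, not a verdict; obfuscated or dynamically built strings will evade simple pattern matching.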