Cybersecurity researchers have uncovered a series of malicious npm packages designed to exfiltrate Solana private keys by exploiting Gmail’s SMTP service. These packages, including @async-mutex/mutex, dexscreener, solana-transaction-toolkit, and solana-stable-web-huks, masquerade as legitimate tools but contain hidden scripts that intercept and transmit private keys to attacker-controlled Gmail accounts. Attack Methodology The attackers employ typosquatting techniques, creating packages with names similar to popular libraries to deceive developers into installing them. Once integrated, these packages capture private keys during wallet interactions and use Gmail’s SMTP server to send the stolen data to the…
Read MoreMalicious npm Packages Exploit Gmail SMTP to Steal Solana Wallet Keys
