A sophisticated threat dubbed the Solana FakeFix campaign. Threat actors deployed 25 malicious packages across the npm and PyPI ecosystems to compromise developer environments. Disguised as stable-build fixes and official SDK tooling, these packages specifically target Solana developers. Once installed, they silently execute malicious code to harvest highly sensitive data, including wallet keys, cloud credentials, […]
The post Solana FakeFix Campaign Uses 25 Malicious npm and PyPI Packages to Steal Developer Secrets appeared first on Cyber Security News.