Malicious package

solana-dev-tools (npm)

Malicious code in solana-dev-tools (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5559
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall solana-dev-tools

What this malware does

On npm install, the package's postinstall hook (node install.js) executes a multi-stage attack against the installer's machine. It reads ~/.config/solana/id.json, ~/.solana/id.json, ~/.ssh/id_rsa, ~/.aws/credentials, and project-local .env files, and bulk-scrapes process.env keys matching KEY|SECRET|MNEMONIC|PRIVATE|TOKEN|PASSWORD|RPC|AWS|NPM|GITHUB|CI|DEPLOY. The collected secrets are POSTed to api.telegram.org/bot<base64-decoded-token>/sendMessage. When any Solana keypair byte array is recovered, the script reconstructs the Keypair, queries the mainnet-beta balance via api.mainnet-beta.solana.com, and issues a SystemProgram.transfer of the full balance minus 5000 lamports to the hardcoded attacker pubkey D4hGgKKaBFZV1NUTWvYRwbpu8HHr3qmDfHyKCTLqbaE7. The script also installs a crontab entry, @reboot sleep 90 && node <install.js>, for persistence across reboots. A sandbox-evasion routine inspects /.dockerenv, the AWS metadata IP 169.254.169.254, the presence of strace/tcpdump, hex-style hostnames, and the presence of socket-security/snyk/npm-audit dependencies; in analysis environments it suppresses persistence while still attempting exfiltration. The package's stated purpose ("Solana development CLI tools") is a cover story; it impersonates legitimate Solana developer tooling.
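The checks this description implies, as an added triage example (not code from the advisory or from O3 Security): it looks for the flagged version in a parsed package-lock.json, for crontab lines shaped like the persistence entry, and for the environment variable names the scraper pattern would match, which scopes rotation. Function names and sample data are constructed, and case-insensitive matching of the pattern is an assumption.

```javascript
// Added triage example; function names and sample data are constructed.
const FLAGGED = { name: "solana-dev-tools", versions: ["1.0.0"] }; // per the advisory
// Env-name pattern quoted in the advisory; case-insensitive matching is an assumption.
const ENV_PATTERN = /KEY|SECRET|MNEMONIC|PRIVATE|TOKEN|PASSWORD|RPC|AWS|NPM|GITHUB|CI|DEPLOY/i;

const isFlagged = (name, version) =>
  name === FLAGGED.name && FLAGGED.versions.includes(version);

// Locate flagged installs in a parsed package-lock.json.
function findFlaggedInLock(lock) {
  const hits = [];
  if (lock.packages) { // lockfile v2/v3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path.split("node_modules/").pop();
      if (isFlagged(name, meta.version)) hits.push(path);
    }
    return hits;
  }
  // lockfile v1: nested "dependencies" tree, reported as a dependency chain
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (isFlagged(name, meta.version)) hits.push(here.join(" > "));
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Crontab lines shaped like the persistence entry: @reboot sleep 90 && node <install.js>
function findPersistence(crontabText) {
  return crontabText.split("\n").map((l) => l.trim())
    .filter((l) => /^@reboot\s+sleep\s+90\s*&&\s*node\s+.*install\.js/.test(l));
}

// Names (never values) of env vars the scraper pattern would match: the rotation scope.
function envNamesToRotate(env) {
  return Object.keys(env).filter((k) => ENV_PATTERN.test(k)).sort();
}

// Constructed sample inputs; "example-lib" and "build-kit" are hypothetical packages.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "my-dapp", version: "0.1.0" },
  "node_modules/example-lib": { version: "2.3.4" },
  "node_modules/build-kit/node_modules/solana-dev-tools": { version: "1.0.0" } } };
const sampleCron = "0 3 * * * /usr/bin/backup.sh\n@reboot sleep 90 && node /home/dev/app/node_modules/solana-dev-tools/install.js";
const sampleEnv = { HOME: "/home/dev", NPM_TOKEN: "x", SOLANA_RPC_URL: "x", SPECIAL_MODE: "1", PATH: "/bin" };
console.log(findFlaggedInLock(sampleLock), findPersistence(sampleCron), envNamesToRotate(sampleEnv));
```

On a real host, pass the parsed package-lock.json, the output of crontab -l, and process.env from the build or runtime context. The pattern is broad (CI alone matches names such as SPECIAL_MODE), so the rotation list over-includes by design.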

Malicious versions

1 flagged
1.0.0

Indicators of compromise (SHA-256)

059c5a74392811a397d3868092b7bcc84fbfac9d2f3de1c69a6421cdf756b652

Frequently asked questions

No. solana-dev-tools on npm has been identified as a malicious package (version 1.0.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005444

Credits

  • Amazon Inspector · finder

solana-dev-tools (npm) malicious package — MAL-2026-5559 | O3 Security