Which versions of solana-sdkpy are malicious?

The following PyPI versions of solana-sdkpy are flagged malicious: 1.2.2, 1.2.3, 1.2.5, 1.2.6. Treat any of these as compromised.

How do I remediate solana-sdkpy if I installed it?

solana-sdkpy is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed solana-sdkpy — how do I know if it already compromised me?

If solana-sdkpy was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is solana-sdkpy part of a known attack campaign?

Yes — solana-sdkpy is associated with the RLMA-2025-03687, RLUA-2025-04259, 2025-07-0x9xnx, RLUA-2026-00766 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find solana-sdkpy across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for solana-sdkpy (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging solana-sdkpy across your stack and pipelines.

Malicious package

solana-sdkpyPyPI

Malicious code in solana-sdkpy (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-6588

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall solana-sdkpy

What this malware does

Series of packages mostly with an obfuscated infostealer attempting to collect Chrome data. While discord webhook is usually set to an example, there are other, correct uploading URLs

Some of related packages only test partial malicious code, like webhooks from overwritten setup.py

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-07-0x9xnx

Reasons (based on the campaign):

infostealer
obfuscation
exfiltration-browser-data
exfiltration-crypto
The package overrides the install command in setup.py to execute malicious code during installation.

Malicious versions

4 flagged

1.2.21.2.31.2.51.2.6

Indicators of compromise (SHA-256)

a39c7810762407fd92004b6131659cc166353feb3ef23c53e1ac64c73cd36af9

0a24eba74be85d4514966918be8a62fcd990c836bca72016ef4290ff15211024

8547af2904fbee83f4b917b00212906712d92ba5f59c723eff2f05bfd3ed503a

fa656c982797b0a9ae09399aa3204b8925d4608935f9b563f498224bebf39b04

09f209e48c9350be29ca72e76c84a942618776e853edcab600350280b81bfdd7

f47ee40cfd0e9795a39169e47ec90e1372d8366cac29b5210bb6528edee45101

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for solana-sdkpy (4 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging solana-sdkpy across your stack and pipelines.
If you installed it — respond
solana-sdkpy is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If solana-sdkpy was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks solana-sdkpy before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. solana-sdkpy on PyPI has been identified as a malicious package (versions 1.2.2, 1.2.3, 1.2.5, 1.2.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2025-03687RLUA-2025-042592025-07-0x9xnxRLUA-2026-00766

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks solana-sdkpy-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring