The malware hidden within the package functioned as a comprehensive information stealer, targeting a wide range of data. This included web browser passwords, cookies, credit card details, cryptocurrency wallets, and information from messaging apps like Telegram, Signal, and Session.
Additionally, it had features to capture screenshots and search for files containing GitHub recovery codes and BitLocker keys. The collected information was then compressed and sent to two Telegram bots controlled by the attacker.
The malware also included a backdoor component, giving the attacker persistent remote access to the victims' machines, enabling further exploits and long-term control.
The attack chain involved multiple stages, with the "raydium" package listing "spl-types" as a dependency to disguise its malicious behavior and appear legitimate to users.
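The dependency trick described above, a front package that declares the malicious one as an ordinary dependency, is easiest to catch by looking at the full resolved dependency set before anything is installed. The script below is an added example and is not code from the article, from Checkmarx or from the packages involved: it parses `Requires-Dist` lines from core-metadata text (the `METADATA` file in a wheel's `.dist-info` directory), walks the transitive closure and reports any package that is not on an allow list, along with which parent pulled it in. The names `raydium` and `spl-types` come from the article; every metadata block, version number and dependency line below is constructed for the demonstration, and the `solana`/`requests` entries are placeholders rather than real upstream metadata.

```python
"""Audit the transitive dependency closure of a package from its core metadata.

Added example (not from the article). The METADATA text below is constructed;
a real audit would read METADATA from each wheel's .dist-info directory or
from the PyPI JSON API before running `pip install`.
"""
import re
from collections import deque
from typing import Dict, Iterable, List, Tuple

# Constructed sample metadata keyed by (unnormalised) package name.
SAMPLE_METADATA: Dict[str, str] = {
    "raydium": (
        "Metadata-Version: 2.1\n"
        "Name: raydium\n"
        "Version: 0.1.0\n"
        "Requires-Dist: solana (>=0.30)\n"
        "Requires-Dist: spl-types\n"
    ),
    "spl-types": (
        "Metadata-Version: 2.1\n"
        "Name: spl_types\n"
        "Version: 0.0.1\n"
        "Requires-Dist: requests\n"
        "Requires-Dist: pycryptodome; extra == 'fast'\n"
    ),
    "solana": "Metadata-Version: 2.1\nName: solana\nVersion: 0.30.0\nRequires-Dist: requests\n",
    "requests": "Metadata-Version: 2.1\nName: requests\nVersion: 2.31.0\n",
    "pycryptodome": "Metadata-Version: 2.1\nName: pycryptodome\nVersion: 3.20.0\n",
}

# Captures the project name and whatever follows it (version specifier, markers).
_REQ_LINE = re.compile(r"^Requires-Dist:\s*([A-Za-z0-9][A-Za-z0-9._-]*)(.*)$", re.MULTILINE)
_EXTRA_MARKER = re.compile(r"\bextra\s*==")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: 'spl_types', 'SPL.Types' and 'spl-types' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def direct_requirements(metadata_text: str, include_extras: bool = False) -> List[str]:
    """Return the normalised names a package requires unconditionally.

    Requirements guarded by an `extra == ...` marker are optional and only
    installed when the user asks for pkg[extra], so they are skipped by default.
    """
    deps: List[str] = []
    for name, rest in _REQ_LINE.findall(metadata_text):
        if not include_extras and _EXTRA_MARKER.search(rest):
            continue
        deps.append(normalize(name))
    return deps


def transitive_closure(root: str, metadata_by_name: Dict[str, str]) -> Dict[str, str]:
    """Breadth-first walk from `root`; maps each dependency to the package that first required it."""
    index = {normalize(k): v for k, v in metadata_by_name.items()}
    root = normalize(root)
    introduced_by: Dict[str, str] = {}
    seen = {root}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        # Unknown packages have no metadata in the index; treat them as leaves.
        for dep in direct_requirements(index.get(pkg, "")):
            if dep not in seen:
                seen.add(dep)
                introduced_by[dep] = pkg
                queue.append(dep)
    return introduced_by


def unexpected_dependencies(
    root: str, metadata_by_name: Dict[str, str], allowlist: Iterable[str]
) -> List[Tuple[str, str]]:
    """List (dependency, parent) pairs in the closure that are not on the allow list."""
    allowed = {normalize(a) for a in allowlist}
    closure = transitive_closure(root, metadata_by_name)
    return sorted((dep, parent) for dep, parent in closure.items() if dep not in allowed)


if __name__ == "__main__":
    expected = ["solana", "requests"]  # what a reviewer expected the package to need
    for dep, parent in unexpected_dependencies("raydium", SAMPLE_METADATA, expected):
        print(f"unexpected dependency {dep!r} pulled in by {parent!r}")
```

Run stand-alone, the script reports `spl-types` as an unexpected dependency pulled in by `raydium`; the optional `pycryptodome` requirement is not reported because it sits behind an extra and is not installed by default. The same closure walk can be pointed at any freshly built lock file to see which packages a direct dependency introduces transitively.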
A notable aspect of this campaign was the use of Stack Exchange as a vector for distribution. The attacker posted seemingly helpful answers to developer questions about performing swap transactions in Raydium using Python, referencing the malicious package. By choosing high-visibility threads with thousands of views, the attacker maximized the package's reach and credibility.
Although the original Stack Exchange post has been removed, The Hacker News found references to "raydium" in an unanswered question posted on July 9, 2024, where a user struggled to run a swap on the Solana network using Python 3.10.2 with Raydium. Additionally, "raydium-sdk" was mentioned in a Medium post titled "How to Buy and Sell Tokens on Raydium using Python: A Step-by-Step Solana Guide" by a user named SolanaScribe on June 29, 2024.
The exact removal date of these packages from PyPI is unclear. Users have recently sought help on the Medium post about installing "raydium-sdk" as late as July 27, 2024. Checkmarx confirmed that the Medium post was not created by the threat actor.
This method of malware distribution is not new. In May, Sonatype exposed a similar scheme where the package pytoileur was promoted on Stack Overflow to facilitate cryptocurrency theft. This trend demonstrates how attackers exploit the trust in community-driven platforms to conduct large-scale supply chain attacks.
"A single compromised developer can inadvertently introduce vulnerabilities into an entire company's software ecosystem, potentially affecting the whole corporate network," the researchers stated. "This attack is a wake-up call for individuals and organizations to reassess their security strategies."
In a related development, Fortinet FortiGuard Labs reported on a malicious PyPI package named zlibxjson, designed to steal sensitive information such as Discord tokens, browser cookies from Chrome, Firefox, Brave, and Opera, and stored passwords. This package had 602 downloads before it was removed from PyPI.
"These actions can lead to unauthorized access to user accounts and the exfiltration of personal data, clearly classifying the software as malicious," said security researcher Jenna Wang.