MAL-2026-5559 Malicious code in solana-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 059c5a74392811a397d3868092b7bcc84fbfac9d2f3de1c69a6421cdf756b652 On npm install, the package's postinstall hook node install.js executes a multi-stage attack against the installer's machine. It reads...

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fastlog to steal Solana and Ethereum wallet keys from source code. The crates, named fasterlog and asyncprintln, were published by the threat actor under the alias rustguruman and...

Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Cybersecurity researchers have identified three sets of malicious packages across the npm and Python Package Index PyPI repository that come with capabilities to steal data and even delete sensitive data from infected systems. The list of identified packages is below - @async-mutex/mutex, a...