Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets.
The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/05/malicious-pypi-package-posing-as-solana.html