#NFPWatch #TrumpVsMusk
SlowMist discovered fraudulent Solana bot that stole cryptocurrencies from users.
$SOL 💥✨💥✨💥✨💥
A fake GitHub repository posing as a legitimate Solana trading bot was used to distribute hidden malware that stole crypto wallet credentials, according to cybersecurity firm SlowMist.
#DYMBinanceHODL A GitHub repository pretending to be a legitimate Solana trading bot has been discovered to be hiding, reportedly, malware to steal cryptocurrencies.
According to a report published on Friday by blockchain security company SlowMist, the now-removed repository solana-pumpfun-bot, hosted on the account "zldp2002", imitated a real open-source tool to collect user credentials. SlowMist reportedly launched the investigation after a user discovered that their funds had been stolen on Thursday.
The malicious GitHub repository in question had "a relatively high number of stars and forks," according to SlowMist. All code commits in all its directories were made about three weeks ago, with apparent irregularities and a lack of consistent pattern that, according to SlowMist, would indicate a legitimate project.
The project is based on Node.js and uses the third-party package crypto-layout-utils as a dependency. "After a more detailed inspection, we discovered that this package had already been removed from the official NPM registry," said SlowMist.