A GitHub repository masquerading as a legitimate Solana trading bot has been uncovered for concealing malware that steals cryptocurrency. Blockchain security firm SlowMist reported that the now-removed solana-pumpfun-bot repository, linked to the user 'zldp2002', imitated a genuine open-source tool to capture user credentials. The investigation began after a user reported stolen funds. The repository had a notable number of stars and forks, but its code showed irregularities that suggested it was not a legitimate project. Built on Node.js, it relied on a third-party package, crypto-layout-utils, which has since been removed from the official NPM registry. SlowMist found that the attacker sourced the library from another GitHub repository. Upon analysis, the package was heavily obfuscated, but once de-obfuscated, it was confirmed to be malicious, capable of scanning for wallet-related files and private keys to upload to a remote server. This incident highlights ongoing software supply chain attacks targeting crypto users.
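
A dependency that is pulled from a GitHub repository instead of the official registry can be caught before `npm install` by auditing the lockfile. The check below is an added example, not code from SlowMist or the repository; it assumes the off-registry source appears as the `resolved` URL in `package-lock.json`, and the function names, sample lockfile, URLs and versions are constructed placeholders.

```javascript
// Added example: list lockfile packages that were not fetched over HTTPS
// from the official npm registry.
const TRUSTED_HOSTS = new Set(['registry.npmjs.org']); // assumption: no private registry in use

function packageName(lockPath) {
  // "node_modules/a/node_modules/@s/b" -> "@s/b"
  return lockPath.split('node_modules/').pop();
}

function findOffRegistryDeps(lock) {
  const findings = [];
  // lockfileVersion 2 and 3 list every installed package under "packages"
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    // skip the root project, workspace links and bundled packages
    if (lockPath === '' || meta.link || !meta.resolved) continue;
    let url = null;
    try { url = new URL(meta.resolved); } catch { /* unparseable source is flagged below */ }
    const trusted = url && url.protocol === 'https:' && TRUSTED_HOSTS.has(url.hostname);
    if (!trusted) {
      findings.push({
        name: packageName(lockPath),
        version: meta.version,
        source: url ? url.hostname : meta.resolved,
      });
    }
  }
  return findings;
}

// Constructed sample lockfile: every URL, version and owner is a placeholder.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-bot', version: '1.0.0' },
    'node_modules/bs58': {
      version: '5.0.0',
      resolved: 'https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz',
    },
    'node_modules/crypto-layout-utils': {
      version: '0.0.0',
      resolved: 'https://github.com/example-owner/example-repo/releases/download/v0.0.0/crypto-layout-utils-0.0.0.tgz',
    },
    'node_modules/bs58/node_modules/example-git-dep': {
      version: '0.0.0',
      resolved: 'git+https://github.com/example-owner/example-git-dep.git#0000000',
    },
  },
};

console.log(findOffRegistryDeps(sampleLock));
```

A flagged entry is not proof of malice, but it marks code that bypassed the registry and should be reviewed before it is installed on a machine holding wallet files or private keys.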