A fake GitHub repository posing as a Solana trading bot was used to distribute obscured malware that stole crypto wallet credentials, according to cybersecurity firm SlowMist.
A GitHub repository posing as a legitimate Solana trading bot has been exposed for reportedly hiding crypto-stealing malware.
According to a Friday report by blockchain security firm SlowMist, the now-deleted solana-pumpfun-bot repository hosted by account “zldp2002” mimicked a real open-source tool to harvest user credentials. SlowMist reportedly launched the investigation after a user found that their funds had been stolen on Thursday.
The malicious GitHub repository in question featured “a relatively high number of stars and forks,” SlowMist said. All code commits across all its directories were made about three weeks ago, with apparent irregularities and without the consistent pattern that, according to SlowMist, would indicate a legitimate project.