C2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malic ...
show moreC2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malicious setup.py (PyPI/GitHub). Uses Base64+zlib+XOR obfuscation, retrieves C2 URL from Solana blockchain memo (wallet: BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC), downloads Node.js silently, executes AES-encrypted JS payload. Infrastructure rotates IPs on Vultr (AS20473). Reverse DNS: cdn.ichwa.com. All IPs confirmed from on-chain transaction history.
show less
C2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malic ...
show moreC2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malicious setup.py (PyPI/GitHub). Uses Base64+zlib+XOR obfuscation, retrieves C2 URL from Solana blockchain memo (wallet: BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC), downloads Node.js silently, executes AES-encrypted JS payload. Infrastructure rotates IPs on Vultr (AS20473). Reverse DNS: cdn.ichwa.com. All IPs confirmed from on-chain transaction history.
show less
C2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malic ...
show moreC2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malicious setup.py (PyPI/GitHub). Uses Base64+zlib+XOR obfuscation, retrieves C2 URL from Solana blockchain memo (wallet: BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC), downloads Node.js silently, executes AES-encrypted JS payload. Infrastructure rotates IPs on Vultr (AS20473). Reverse DNS: cdn.ichwa.com. All IPs confirmed from on-chain transaction history.
show less
C2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malic ...
show moreC2 server for Python supply-chain malware targeting Solana developers. Malware distributed via malicious setup.py (PyPI/GitHub). Uses Base64+zlib+XOR obfuscation, retrieves C2 URL from Solana blockchain memo (wallet: BjVeAjPrSKFiingBn4vZvghsGj9KCE8AJVtbc9S8o8SC), downloads Node.js silently, executes AES-encrypted JS payload. Infrastructure rotates IPs on Vultr (AS20473). Reverse DNS: cdn.ichwa.com. All IPs confirmed from on-chain transaction history.
show less