
Gmail Exploited in New Cyber Attack to Steal Solana Crypto Keys


A new cyber attack targeting Solana crypto wallets has been uncovered, with Gmail being exploited as a key part of the attack strategy.

According to a Socket Threat Research Team report published on January 8, 2025, hackers are using malicious npm packages to steal Solana private keys and funnel them through Gmail’s email system, making it difficult for security systems to detect the threat.

The attack works by intercepting private keys during wallet interactions and sending them out through Gmail’s SMTP servers. Because traffic to these servers is typically trusted, it often passes firewalls and endpoint detection systems without being flagged, which lets the attackers carry out their scheme without triggering alarms.

Gmail’s role in this attack is crucial, as it is a widely trusted platform. According to Kirill Boychenko, a threat intelligence analyst at Socket, the abuse of Gmail allows the attack to go undetected by many security systems that treat smtp.gmail.com as legitimate traffic.
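
For defenders, the practical consequence is that outbound SMTP should be judged by which process opens the connection, not only by its destination. The following is an added example, not code from the Socket report: it reviews egress records and flags SMTP connections to smtp.gmail.com from anything outside an approved list of mail senders. The log format, host names and allowlist are constructed assumptions.

```javascript
// Added example: flag SMTP submission to Gmail from processes that have no
// business sending mail (developer tooling, build agents, Node.js apps).
// Log format, host names and the allowlist below are constructed assumptions.
const SMTP_PORTS = new Set([25, 465, 587]);
const WATCHED_DEST = new Set(["smtp.gmail.com"]);
// Hypothetical allowlist: "host:process" pairs approved to send mail via Gmail.
const APPROVED_SENDERS = new Set(["mail-relay-01:postfix"]);

// Normalise a DNS name: lower-case, strip the trailing root dot.
function normHost(name) {
  return String(name || "").trim().toLowerCase().replace(/\.$/, "");
}

// Reduce "/usr/bin/node" or "C:\tools\node.exe" to "node".
function procName(path) {
  const base = String(path || "").split(/[\\/]/).pop().toLowerCase();
  return base.replace(/\.exe$/, "");
}

// Parse JSON-lines egress records and return the ones that need review.
function findSuspiciousSmtp(logText) {
  const findings = [];
  for (const line of logText.split("\n")) {
    if (!line.trim()) continue;
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // skip malformed lines
    const dest = normHost(rec.dest);
    const port = Number(rec.port);
    if (!WATCHED_DEST.has(dest) || !SMTP_PORTS.has(port)) continue;
    const proc = procName(rec.process);
    if (APPROVED_SENDERS.has(`${normHost(rec.host)}:${proc}`)) continue;
    findings.push({ ts: rec.ts, host: rec.host, process: proc, dest, port });
  }
  return findings;
}

// Constructed sample records (not taken from the Socket report).
const SAMPLE_LOG = [
  '{"ts":"2025-01-08T10:00:01Z","host":"mail-relay-01","process":"/usr/sbin/postfix","dest":"smtp.gmail.com","port":587}',
  '{"ts":"2025-01-08T10:02:17Z","host":"dev-laptop-7","process":"/usr/local/bin/node","dest":"SMTP.GMAIL.COM.","port":465}',
  '{"ts":"2025-01-08T10:02:40Z","host":"dev-laptop-7","process":"/usr/local/bin/node","dest":"registry.npmjs.org","port":443}',
  'not json',
  '{"ts":"2025-01-08T10:05:03Z","host":"ci-runner-2","process":"C:\\\\tools\\\\node.exe","dest":"smtp.gmail.com","port":587}',
].join("\n");

console.log(findSuspiciousSmtp(SAMPLE_LOG));
```

On the sample data the approved relay is ignored and the two Node.js processes that open SMTP sessions to Gmail are reported for review.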

Google Responds to the Threat

In response to the report, Google confirmed that it is aware of this type of attack. A spokesperson stated that Gmail accounts have protections in place to detect suspicious behavior such as exfiltration and forwarding of data. If such activity is detected, users are prompted to reauthenticate to secure their accounts.

AI and Gmail-Driven Attacks

The report also highlights how AI-driven attacks are becoming more prevalent in cybercrime. Dmitry Volkov, CEO of Group-IB, explained that AI is being used to create more sophisticated scams, including phishing and malware attacks. AI-powered tools can even generate malicious code, making it easier for hackers to carry out large-scale attacks and bypass traditional defenses.

The malicious npm packages used in this attack were disguised as legitimate tools. One such package, @async-mutex/mutex, was a typosquatted version of a popular package with millions of downloads. The packages were designed to look harmless, but they contained malware that could steal private keys from users of Solana wallets.

Ongoing Risk and Mitigation

At the time of the report, the malicious packages were still available for download, though researchers have petitioned for their removal. The threat actors behind this campaign have also used GitHub repositories to lend legitimacy to the malware.

This attack highlights the risks involved with trusting email platforms like Gmail, especially when they are exploited by hackers to exfiltrate sensitive data. Users of Solana wallets and other cryptocurrency platforms are urged to stay vigilant and ensure their accounts are secure, as these types of attacks continue to evolve.


Written by
Sazid Kabir
