Summary:
- Researchers at Sonatype discovered that malicious npm packages were targeting Solana developers with keylogging trojans.
- The packages, disguised as legitimate tools for Solana development, were designed to steal sensitive information like login credentials and private keys.
- This incident highlights the importance of verifying the source and integrity of software packages, especially in the rapidly evolving cryptocurrency and blockchain ecosystem.