I guess this is “news” because last month, the vulnerability was being sent to the attacker’s endpoints at https://sol-rpc[.]xyz/api/rpc/queue and now it’s being sent via email instead.
In any case, they did get me because I don’t really care about Solana but do care about Gmail, and this affects me 0%.
Even Socket used a clickbait headline for their research: https://socket.dev/blog/gmail-for-exfiltration-malicious-npm-packages-target-solana-private-keys-and-drain-victim-s
I guess this is “news” because last month, the vulnerability was being sent to the attacker’s endpoints at
https://sol-rpc[.]xyz/api/rpc/queueand now it’s being sent via email instead.In any case, they did get me because I don’t really care about Solana but do care about Gmail, and this affects me 0%.