On npm install, the package's postinstall hook runs install.js which performs four independent attacker-benefit actions. (1) Credential theft: it reads ~/.ssh/id_rsa, ~/.aws/credentials, ~/.config/solana/id.json, and any.env files in CWD/HOME, plus scans process.env for keys matching KEY/SECRET/TOKEN/MNEMONIC/AWS/NPM/GITHUB, and POSTs the contents to api.telegram.org/bot/sendMessage where the bot token and chat id are base64-encoded string literals (BOT/CHAT decoded at runtime via b64()). (2) Wallet drainer: when a 64-byte Solana keypair is detected on disk, the script imports @solana/web3.js, signs a SystemProgram.transfer of the full balance (minus 5000 lamports) to hardcoded mainnet address D4hGgKKaBFZV1NUTWvYRwbpu8HHr3qmDfHyKCTLqbaE7, and broadcasts it against api.mainnet-beta.solana.com. (3) Persistence: writes an @reboot sleep 90 && node <install.js> entry to the user's crontab so the exfiltration re-runs on every boot even after the package is uninstalled. (4) Sandbox evasion: an isSandbox() routine scores Docker (/.dockerenv), strace/tcpdump availability, EC2 IMDS reachability (169.254.169.254), random-hex hostnames, and security tooling in package.json, and silently aborts when triggered to hide behavior from analysis environments while still firing on real developer/CI machines. The package's index.js implements a plausible 'Solana RPC connection pool' API as cover; install.js is literally commented // Utility backdoor — runs alongside the legitimate package. Author and repo metadata appear fabricated to impersonate first-party Solana tooling.