{"id":"MAL-2026-4290","summary":"Malicious code in clipboard-guardian (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d)\nThis package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script (npm-install.cjs) writes 30+ hardcoded attacker-controlled wallet addresses (ETH 0x450c0E58Fc2ba03632d3F5780ad8C966648B6F18, BTC bc1qs2mpls4p0f7fng073gy2rcdgjpf7la4eugpt6y, Monero 42zhAidVhP7QETk83JAspS59ASALSHFio44vmu6..., and addresses for ~30 other chains) into the package's config.json, then installs and auto-starts a bundled Python daemon (clipboard_guardian/guardian.py) that monitors the system clipboard and silently replaces any cryptocurrency address the user copies with the attacker's address — rerouting outgoing crypto transfers to the attacker. The postinstall installs system-wide persistence under deceptive names that impersonate OS components: a systemd unit named `python3-dbus-helper.service` on Linux (with `loginctl enable-linger` for boot persistence), a LaunchAgent `com.apple.python.runtime.plist` on macOS, and a Task Scheduler entry `PyRuntimeBroker` on Windows. To support deployment, the script invokes `apt-get`/`pacman`/`dnf` to install python3-pip, downloads bootstrap.pypa.io/get-pip.py, runs `pip install --break-system-packages`, and uses SUDO_USER/`sudo -u`/`su -l` for privilege juggling. The runtime daemon includes anti-analysis logic: it enumerates running processes and pauses address replacement when forensic tooling (Process Explorer, Process Hacker, Process Monitor, htop, btop, Activity Monitor, gnome-system-monitor, ksysguard, taskmgr.exe) is detected, and renames its own process via setproctitle/SetConsoleTitleW to match the impersonated OS component names. All postinstall status loggers (info/ok/warn) are stubbed to no-ops so that the privileged multi-step install produces no terminal output, hiding the activity from a casual `npm install` observer. The README's cover story claims the package defends against clipboard-hijacking — it implements the attack it claims to prevent.\n\n## Source: ossf-package-analysis (594054a5de1b58c5ed2cdd11d2a561b1733798ed39ef0268b80a926a8007e1c3)\nThe OpenSSF Package Analysis project identified 'clipboard-guardian' @ 1.0.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","modified":"2026-05-26T06:02:12.066466274Z","published":"2026-05-24T18:38:12Z","database_specific":{"malicious-packages-origins":[{"sha256":"594054a5de1b58c5ed2cdd11d2a561b1733798ed39ef0268b80a926a8007e1c3","versions":["1.0.0"],"source":"ossf-package-analysis","modified_time":"2026-05-24T19:22:33Z","import_time":"2026-05-24T21:49:24.4733663Z"},{"sha256":"90983188b7d0104d9777629e73c00d1c7fdb923629204e6e97ef7f2a8b3e55c4","versions":["1.0.1"],"modified_time":"2026-05-24T19:27:24Z","source":"ossf-package-analysis","import_time":"2026-05-24T21:49:24.716073482Z"},{"sha256":"9c2987a4f9d3ec9ca38e2273bbd3f2627bcdb6ce8eeac1bee597179dc4580f62","versions":["1.0.2"],"modified_time":"2026-05-24T20:07:32Z","source":"ossf-package-analysis","import_time":"2026-05-24T21:49:24.997532419Z"},{"sha256":"11c3b919479d4cd54c419070c49749230c3c74ef81321ba62a4e8c95e1699281","versions":["1.0.2"],"id":"IN-MAL-2026-004542","source":"amazon-inspector","modified_time":"2026-05-24T20:03:58Z","import_time":"2026-05-26T05:52:48.384586232Z"},{"sha256":"605112731a21e3e866efce7b5ba25eece166f71ecaff4ef0dac557602fba8cd1","versions":["1.0.2"],"id":"IN-MAL-2026-004543","modified_time":"2026-05-24T20:03:59Z","source":"amazon-inspector","import_time":"2026-05-26T05:52:48.481861691Z"},{"sha256":"6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d","versions":["1.0.0"],"id":"IN-MAL-2026-004524","source":"amazon-inspector","modified_time":"2026-05-24T18:38:12Z","import_time":"2026-05-26T05:52:46.445131525Z"},{"sha256":"9e7aed639547e041cacae70c94ac40cf52f9c50f5f5df4a096cef475e883c686","versions":["1.0.3"],"id":"IN-MAL-2026-004545","source":"amazon-inspector","modified_time":"2026-05-24T20:04:03Z","import_time":"2026-05-26T05:52:48.69498734Z"},{"sha256":"c8b109f53204f480cbab8577c5f2b1d76c65afb621014830df2a815f6dfb96f3","versions":["1.0.1"],"id":"IN-MAL-2026-004536","modified_time":"2026-05-24T19:22:52Z","source":"amazon-inspector","import_time":"2026-05-26T05:52:47.755408093Z"},{"sha256":"d1e883d9ebf87558dc0aba8446e810464a859fe32e3c528c609162956483f423","versions":["1.0.0"],"id":"IN-MAL-2026-004525","source":"amazon-inspector","modified_time":"2026-05-24T18:38:12Z","import_time":"2026-05-26T05:52:46.538588391Z"},{"sha256":"0001eebc50a7847126e2aa6b7af9d3f0db1d4b7c274c71ee7b1b09cd799bb6c5","versions":["1.0.1"],"id":"IN-MAL-2026-004537","modified_time":"2026-05-24T19:22:52Z","source":"amazon-inspector","import_time":"2026-05-26T05:52:47.866031383Z"},{"sha256":"08727f82aee199574c1c75736485c585029c7ca5e99f1cda6d155a01929a5808","versions":["1.0.3"],"id":"IN-MAL-2026-004544","modified_time":"2026-05-24T20:04:03Z","source":"amazon-inspector","import_time":"2026-05-26T05:52:48.579426711Z"}]},"references":[{"type":"PACKAGE","url":"https://www.npmjs.com/package/clipboard-guardian/v/1.0.2"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/clipboard-guardian/v/1.0.0"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/clipboard-guardian/v/1.0.1"},{"type":"PACKAGE","url":"https://www.npmjs.com/package/clipboard-guardian/v/1.0.3"}],"affected":[{"package":{"name":"clipboard-guardian","ecosystem":"npm","purl":"pkg:npm/clipboard-guardian"},"versions":["1.0.0","1.0.1","1.0.2","1.0.3"],"database_specific":{"indicators":{"package_integrity":[{"filename":"clipboard-guardian-1.0.2.tgz","hashes":{"sha512_sri":"sha512-ejWz695joojg8jpOBrwmYsLPku0mUg0scYnOoJD/C1afo2IMhgmx+bkVVqjKPsyUK9oihX+ekaDTR4qen27HZg==","sha1":"6c75473cf57c2307747e138697133f75ed8a7c96"}}],"evidence_files":[{"sha256":"ac5aca37664b0a0081f13279fc31e58bfd359b7a7564697c362bac590ea2c8fd","tlsh":"95627404e969dc2283c2645a0c92c4a276b46fa76d14646c7fbec13c8f5e13fb0f926d","path":"clipboard_guardian/guardian.py"},{"sha256":"e8ed9aa3bb71b98ddf906eb0e7664eacc93c1e1d5a75835ee61ca1f392fa648b","path":"package.json","tlsh":"c4f08b06c5341f2fb1c8a68d1edb6509b4280d8baa143d2daa83584c0bad53504bf7f9"},{"sha256":"e58f6237705a40295bd3ed2a09ef9da7858d4101e3d987c1fbc596aa1c14b04e","tlsh":"4642189692b1667c99f3a66ea687502b01198d1f3501f89cf5ae90dc0f0f139837b73e","path":"npm-install.cjs"}],"domains":["bootstrap.pypa.io"]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"},{"description":"The product contains code that appears to be malicious in nature.","cweId":"CWE-506","name":"Embedded Malicious Code"}],"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/clipboard-guardian/MAL-2026-4290.json"}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"}]}