{"id":"MAL-2026-5311","summary":"Malicious code in bittensor-burn-monitor (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (9d4b7067997b5bc9822e964b16a3b4e78b5ec637086732d143889e577fa2d886)\nbittensor-burn-monitor advertises itself as a Bittensor subnet burn-rate monitor but ships a covert clipboard logger that exfiltrates installers' clipboard contents to a hardcoded Telegram destination. The package's logic is shipped only as compiled Cython binaries (bittensor_burn_watch/core.cpython-310-*.so, burn_watch.cpython-310-*.so) with a thin __init__.py that re-exports `main`; no Python source is provided. The compiled module's own internal documentation describes it as a 'clipboard logger', exposes routines to 'Read clipboard via Win32 API', 'Pick the first working Linux clipboard backend', and run an exclusive daemon that polls the clipboard and sends each capture as a Telegram message. A bundled defaults.env hardcodes a single attacker-controlled bot token and chat ID (TELEGRAM_BOT_TOKEN=8666228137:AAF_NLMrow4cDf3uEJCl3JY7DeBHtovd1TU, TELEGRAM_CHAT_ID=8766781014) so every installer reports to the same destination. The package additionally installs cross-platform persistence so the clipboard daemon survives reboots and respawns if killed — Windows Task Scheduler entries configured to run regardless of battery/time limits with a 15-minute watchdog, a Linux systemd user service + timer, and a macOS LaunchAgent with KeepAlive — and on Linux it silently invokes apt/dnf/pacman to install wl-clipboard/xclip without user prompt to enable clipboard access. Targets Bittensor subnet operators, whose clipboards routinely contain wallet mnemonics, validator hotkeys, and API tokens. Clipboard capture, the Telegram destination, and the autostart persistence are all undisclosed in the README.\n\n## Source: kam193 (b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9)\nThe package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. Early versions contain this behavior mentioned in the README. The targeted data are likely cryptocurrency secret phrases.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-clip-logger\n\n\nReasons (based on the campaign):\n\n\n - clipboard-stealing\n\n\n - crypto-related\n","modified":"2026-06-11T08:01:34.096978145Z","published":"2026-06-08T10:34:54Z","database_specific":{"malicious-packages-origins":[{"versions":["1.5.0","1.5.3","1.5.5","1.6.0","1.6.3","1.6.5","1.7.0"],"id":"pypi/2026-06-clip-logger/bittensor-burn-monitor","modified_time":"2026-06-08T10:34:54.639889Z","sha256":"b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9","source":"kam193","import_time":"2026-06-08T11:41:02.5132039Z"},{"versions":["1.5.0","1.5.3","1.5.5","1.6.0","1.6.3","1.6.5","1.7.0"],"id":"pypi/2026-06-clip-logger/bittensor-burn-monitor","modified_time":"2026-06-08T13:13:47.452895Z","sha256":"821b859da75ef3ab42615fec48ca522c7e3508af147af7af5759e2277964413c","source":"kam193","import_time":"2026-06-08T13:34:40.934613732Z"},{"versions":["1.5.0","1.5.3","1.5.5","1.6.0","1.6.3","1.6.5","1.7.0"],"modified_time":"2026-06-08T13:41:27.668745Z","id":"pypi/2026-06-clip-logger/bittensor-burn-monitor","sha256":"8e00f9218fb5589a0956bfc25343fde68b64422703baae22a4c1bf03e5dff0f0","source":"kam193","import_time":"2026-06-08T15:12:45.406026684Z"},{"versions":["1.5.0","1.5.3","1.5.5","1.6.0","1.6.3","1.6.5","1.7.0"],"modified_time":"2026-06-08T13:41:27.668745Z","id":"pypi/2026-06-clip-logger/bittensor-burn-monitor","sha256":"7490be61e057111c7718843cb02f8ee924969393cdef5c83255d4d44bc2fbced","source":"kam193","import_time":"2026-06-08T19:19:19.162340616Z"},{"versions":["1.5.5"],"modified_time":"2026-06-11T06:47:31Z","id":"IN-MAL-2026-005649","sha256":"65535357026e6d116c2b6ba4e1439fb27a7bfc9f0b0e9f8ad451bfc165b7e2e3","source":"amazon-inspector","import_time":"2026-06-11T07:49:36.702481669Z"},{"versions":["1.6.5"],"modified_time":"2026-06-11T06:47:27Z","id":"IN-MAL-2026-005643","sha256":"98931441510cfd39d8d4af18bbfe35489c57cbcf5c19c34cc7be014dab7b72e3","source":"amazon-inspector","import_time":"2026-06-11T07:49:35.983797413Z"},{"versions":["1.6.3"],"modified_time":"2026-06-11T06:47:30Z","id":"IN-MAL-2026-005646","sha256":"9d4b7067997b5bc9822e964b16a3b4e78b5ec637086732d143889e577fa2d886","source":"amazon-inspector","import_time":"2026-06-11T07:49:36.318468273Z"},{"versions":["1.5.3"],"modified_time":"2026-06-11T06:47:31Z","id":"IN-MAL-2026-005648","sha256":"0320adfd23bf0dc4511464240ed9065a20af0359199fc3a40cb84dcda5173cd2","source":"amazon-inspector","import_time":"2026-06-11T07:49:36.625523884Z"},{"versions":["1.6.0"],"id":"IN-MAL-2026-005647","modified_time":"2026-06-11T06:47:30Z","sha256":"0e1c506bb7e3efe88a67bf774edfc69fbcbf08b06a0f60f6aa1522ad34bb5382","source":"amazon-inspector","import_time":"2026-06-11T07:49:36.480265988Z"},{"versions":["1.5.0"],"modified_time":"2026-06-11T06:47:34Z","id":"IN-MAL-2026-005651","sha256":"5a71d05cbac17746808a6d85a119f48095acd900bd4acf86edc577d75ae97029","source":"amazon-inspector","import_time":"2026-06-11T07:49:36.953337914Z"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/bittensor-burn-monitor"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-monitor/1.5.5/"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-monitor/1.6.5/"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-monitor/1.6.3/"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-monitor/1.5.3/"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-monitor/1.6.0/"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-monitor/1.5.0/"}],"affected":[{"package":{"name":"bittensor-burn-monitor","ecosystem":"PyPI","purl":"pkg:pypi/bittensor-burn-monitor"},"versions":["1.5.0","1.5.3","1.5.5","1.6.0","1.6.3","1.6.5","1.7.0"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-monitor/MAL-2026-5311.json","indicators":{"evidence_files":[{"path":"bittensor_burn_watch/defaults.env","tlsh":"cdd02b12466cfb52ad025d11601aa25d50dd551fbf12c2d0a35b42c7b4514e646fe3a9","sha256":"9d765d7c1621562a0c7710d0b6db8cc3e4544ed25cd58b296eb937803355d905"},{"path":"bittensor_burn_watch/core.cpython-310-darwin.so","tlsh":"a605e762e3bd3d01c69bb7be7b1c4299260df5a80b38c09e2c1c252c9ed5b154a775b3","sha256":"69d737c63e70fe304bfdf46a8caf3e7a0ac6bccdf6cdb272137c9d136c6ce07f"},{"path":"bittensor_burn_monitor-1.5.5.dist-info/METADATA","sha256":"0cf56bbeedb99bcac2047766f3dc5291500f11dcf595f8e87d517a6a634d9b88","tlsh":"e8712021b980427e3b65b3776e198b006951c0647ed8b89c34ee9537af03729c2bd23d"}],"package_integrity":[{"hashes":{"md5":"d66fbd348f9837926974f0b0722a486e","sha256":"ba809eaa00b11e75b6df24756f41cf0e17d2e88c06c73594b16b8e5185e999a7","blake2b_256":"28f4efbba86483317cec0c236df3b05de48f9f8e1160c9c303f39741da825f04"},"filename":"bittensor_burn_monitor-1.5.5-cp310-cp310-macosx_11_0_arm64.whl"},{"hashes":{"md5":"b29f951205a309bd9c01c2e850fd9c1e","sha256":"37d7290cbf76b841505a90c6ea07cfcb0d39e300c776f728be0392da5126f1f5","blake2b_256":"5ff1a0852cf8d6e112df5a2ca0029cbc6810786159d69034b124f81fea02756b"},"filename":"bittensor_burn_monitor-1.5.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl","hashes":{"md5":"0a467323ee7ec8019c0f3f07c076c220","sha256":"361f3edeb12b926f8b1c71144134ddbfb82b5c5d3c0754740110121d499eff7a","blake2b_256":"e4368450391955557babab7d40505b1f0a373ded6fb9dd1b56b5764998bae651"}},{"filename":"bittensor_burn_monitor-1.5.5-cp310-cp310-win32.whl","hashes":{"md5":"9da3a1ae6b6063d5035935ab993b87f7","sha256":"9cad3cc6020e25db70ee6bfb98a143d8bee4be7c8e41c8ade907f2d61e0d7b11","blake2b_256":"1286817b53dcf660e74cb0f48971e4d3dec31d9e83cc0fbdf835672c0215fecd"}},{"hashes":{"md5":"6c2d98cfea70b9a586fd55d501e385c6","sha256":"828b30b3d5fbf93a1345f53f0a98db922f2ddd8be86c3251ed0e7c97bbf3b620","blake2b_256":"d4f303a54d24894f433607e9f5730c8f269abfc31fb218bc30791a87d3e7cdce"},"filename":"bittensor_burn_monitor-1.5.5-cp310-cp310-win_amd64.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp311-cp311-macosx_11_0_arm64.whl","hashes":{"md5":"bb25cca8258a274ea67f822ac670b515","sha256":"e45d93a9382073caa4b544a92c7eb369632c244b401b3209e59abb0ba5004a77","blake2b_256":"74149e487ffca6c427cf113194b904f14ea09265cc3981e8b8df80e39889cea9"}},{"filename":"bittensor_burn_monitor-1.5.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl","hashes":{"md5":"2af1a37d3d9c30d344f3d56891923c88","sha256":"95bdeabd882d0e1d11c87abadac649dc5b9565943440e98cbb8b23634c9f424e","blake2b_256":"0cc419791f6e8dfc5f41a98f34450254499b78e171c4caa1a98dd56882fcdc6f"}},{"hashes":{"md5":"33c91225b5ec002ca2eb7bdf2faf8ded","sha256":"6368ce5eb04b0d334c32247a8da50dded676db98892ee686b4d1ad6df2f8c720","blake2b_256":"82b27b30683dd8cd9d74a36ff8577c96fa71fe91a9e0fc08b8802be55897a978"},"filename":"bittensor_burn_monitor-1.5.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl"},{"hashes":{"md5":"fc8dab62ddfcc958f8df365e4deaa5a0","sha256":"af0c022750b52e6000f58d0f08d9f8a1abd13e1d50fe609c1881d5a4e172053e","blake2b_256":"ad2a1dd4bc5d9bc014c88e696884c8925ed3e46a6ef9129c366cfd642ea81f81"},"filename":"bittensor_burn_monitor-1.5.5-cp311-cp311-win32.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp311-cp311-win_amd64.whl","hashes":{"md5":"f2febaf0d5c7206160c78b981c5dcd3a","sha256":"3d86cf7e278d5a73105a8beb76c4c5129c3b55f111dff0b5dd593986eafe9cec","blake2b_256":"524296b27b7a6d12a17bec0529745eebdb8b220d51c12f8186d59802a433449b"}},{"hashes":{"md5":"7b2a903b09c79af68938c44a954373d7","sha256":"77b58cac830e9a2e9d5e1f3ca5f545556c2df455777d19693c8ab23b536dd556","blake2b_256":"1bfee028afce12206b77529b608b4d76b0d40a55515666e918eb93fa75168fb6"},"filename":"bittensor_burn_monitor-1.5.5-cp312-cp312-macosx_11_0_arm64.whl"},{"hashes":{"md5":"e2c6aecde4a72685f2df14a092a58b74","sha256":"1f304fe7d2e7d84599fadecc9d291a487d120e409e9124ee5ab36d3def76781f","blake2b_256":"3f0e46afb2e0df1fc3a326bb994482609b4f9cac151a501ed9a8f15d56d6c53a"},"filename":"bittensor_burn_monitor-1.5.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"},{"hashes":{"md5":"0b0204651faff203d12b698b02c82e26","sha256":"ba3a15ba1de8f4d4f24039b5833a7226895c407ae1a51698c61fa3b45a83e1dc","blake2b_256":"bea76f51513bcc856e86bd864247d902aff65d6a6958df529a68e5897c80b16d"},"filename":"bittensor_burn_monitor-1.5.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp312-cp312-win32.whl","hashes":{"md5":"a6e52d09207bc6396b6a619f174e19d0","sha256":"cd486a0117de50675e0ae6eb415ca0bf44f076679f03902f85c549490480797e","blake2b_256":"d84878f86bd4ec56c4c528b672aae2fab823e576c580a867608db38ebd2f7099"}},{"hashes":{"md5":"f8d69e08fbb07f77009ae3196fad271d","sha256":"42db970d38f82684c46ce0dc7b90ef878496952b145d25c6feacdd65dc7a7c12","blake2b_256":"90488aa8b119ef1129ba12e55a19b161708a54aa74a2e79f8f0bf223674c42ec"},"filename":"bittensor_burn_monitor-1.5.5-cp312-cp312-win_amd64.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp313-cp313-macosx_11_0_arm64.whl","hashes":{"md5":"596067df3905e66ef67b2ca05b676128","sha256":"157a04e8d36695b6b2bac821575d56ff0b7f6244f758d0a6e9afd455ae1a9101","blake2b_256":"c3a3d69c19d5ebd97245644f4b2176e9b3aa80eaaa9d7c9714b466888a4fcd8a"}},{"hashes":{"md5":"43701bb9a0efae80930d834ab3ad21d1","sha256":"26c92c20d26dcfe091925e1ef636bb997db1dd828e1c94311fea532d7c55f106","blake2b_256":"0a13144436a0933eaef16fc3d6d465d3586835f5f42c995e61707c8a468a897e"},"filename":"bittensor_burn_monitor-1.5.5-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"},{"hashes":{"md5":"8307a75c8efa9599e4e3a7b283e337cd","sha256":"e721a894f6ad57b795fc8381515ca6a8969ecf4e1f362f90f13158101d1f564d","blake2b_256":"7614ad70100493263af8d3e4c590a20cfab509a8c5e0ba8e7b850ceeea543638"},"filename":"bittensor_burn_monitor-1.5.5-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp313-cp313-win32.whl","hashes":{"md5":"17dc3d6eaba2447b44785bba650f0407","sha256":"821664c4961472e4def9bf1309015701fbb231e1e98085bd92931a8ecdf697fa","blake2b_256":"6b855fda0b9abe7e245f4c68935469662227e483034ea1f5cf864c23cf1d48bf"}},{"hashes":{"md5":"3d7b58904a8b1d52fa7d1a5256adac3d","sha256":"4cf8cf6d7de223c4f9e9d50148455b53b5a2ee83b891c6d2fc0b5a447f870cd7","blake2b_256":"016d0a08b5c15e9bd68fe166a9c05a2bbe50afd4e938cabe8cc35c624af8b0ca"},"filename":"bittensor_burn_monitor-1.5.5-cp313-cp313-win_amd64.whl"},{"filename":"bittensor_burn_monitor-1.5.5-cp39-cp39-macosx_11_0_arm64.whl","hashes":{"md5":"ee98e2509408ab3bd68ef67e1fbdc999","sha256":"ea82ac798c091b84227b1def27acb27222fb02c71882044a80cf9e640a1465d5","blake2b_256":"eebc641c27934134761acf0b339ec1648c3459e3c3dcbe7561b7fb81fbd7370a"}},{"hashes":{"md5":"1334c6c82a7b3246f13cb4bc08dfb05c","sha256":"162b934239d731d0a901c19705b0f4a3efb7f89c4e5b9898db5ffcea01e26703","blake2b_256":"8f1fee9eb0214675ce2e6087e0999e84b5abe20496b1ef269484ed95e391bc8f"},"filename":"bittensor_burn_monitor-1.5.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"},{"hashes":{"md5":"221432736e120b6266cff046dd022e53","sha256":"332f4c87eddde526d29db9275acd446b0e97a396a7f2d80453ee591a038759af","blake2b_256":"afe9f3e9bb61979e0a3d419c1ace34acf07a353380e06acb30899f0c9afb4f62"},"filename":"bittensor_burn_monitor-1.5.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl"},{"hashes":{"md5":"3eeffba3fe1a60f915f3d2cff2f9a36f","sha256":"d281a85d524fa63870ebc930fc951c76575620c84b8ca2314058ca7c68045d9c","blake2b_256":"76ccc84547ae17990b19d9b07d3fc1699017a502d69e42fd648828da18f02825"},"filename":"bittensor_burn_monitor-1.5.5-cp39-cp39-win32.whl"},{"hashes":{"md5":"0276c726e84cbefe9360fd93dacabdc9","sha256":"c302c1eb6a665d321f92e34d44948c013af3288bb133cfbe9dd303f713cb0110","blake2b_256":"fe5e557e00f0e05c2ae737c674e43bfe6f7423b779d493394ca8cd193241fc2b"},"filename":"bittensor_burn_monitor-1.5.5-cp39-cp39-win_amd64.whl"}]},"cwes":[{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"name":"Embedded Malicious Code","cweId":"CWE-506","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."},{"cweId":"CWE-506","name":"Embedded Malicious Code","description":"The product contains code that appears to be malicious in nature."}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}