{"id":"MAL-2026-5680","summary":"Malicious code in bittensor-burn-message (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (f574e414f35843b11dbb52cd921ce2f2e57f6292845d4770256bea17b41d86e8)\nPackage targets Bittensor (BIP-39) wallet holders. On import, defaults.env loads a hardcoded TELEGRAM_BOT_TOKEN (8666228137) and TELEGRAM_CHAT_ID (8766781014) into the process environment; PACKAGE_OVERRIDE_KEYS prevents users from overriding these via their own.env. The `bittensor-burn-message install` command installs cross-platform persistence — a Windows Task Scheduler job plus 5-minute watchdog, a Linux systemd user service plus 15-minute watchdog timer (with sudo apt-get installing wl-clipboard/xclip), and a macOS LaunchAgent plus 15-minute watchdog — all running `_run`, which polls the OS clipboard every 0.5s. Clipboard contents matching exactly 12 or 24 whitespace-separated words (BIP-39 mnemonic lengths) are deduplicated by fingerprint and POSTed to https://api.telegram.org/bot\u003ctoken\u003e/sendMessage at the hardcoded chat. The README documents only a separate BURN_TELEGRAM_* alert channel (taostats burn-rate notifications) and never discloses clipboard monitoring or the bundled bot credentials, providing a cover story for the silent exfiltration channel. defaults.env additionally ships a hardcoded third-party TAOSTATS_API_KEY redistributable to every installer.\n\n## Source: kam193 (9f944487719b66d8096157672796e641c5d1417d5ab6f9ec40c22da781727c1b)\nThe package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. The targeted data are likely cryptocurrency secret seed phrases.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-clip-logger\n\n\nReasons (based on the campaign):\n\n\n - clipboard-stealing\n\n\n - crypto-related\n","modified":"2026-06-12T20:01:59.191110644Z","published":"2026-06-11T23:08:13Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2026-06-11T23:08:40.186102Z","id":"pypi/2026-06-clip-logger/bittensor-burn-message","import_time":"2026-06-12T00:03:17.891782138Z","versions":["1.0.1"],"sha256":"9f944487719b66d8096157672796e641c5d1417d5ab6f9ec40c22da781727c1b","source":"kam193"},{"sha256":"f574e414f35843b11dbb52cd921ce2f2e57f6292845d4770256bea17b41d86e8","versions":["1.0.1"],"import_time":"2026-06-12T19:43:57.968922556Z","id":"IN-MAL-2026-006010","modified_time":"2026-06-12T19:07:18Z","source":"amazon-inspector"}]},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/bittensor-burn-message"},{"type":"PACKAGE","url":"https://pypi.org/project/bittensor-burn-message/1.0.1/"}],"affected":[{"package":{"name":"bittensor-burn-message","ecosystem":"PyPI","purl":"pkg:pypi/bittensor-burn-message"},"versions":["1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-message/MAL-2026-5680.json","indicators":{"evidence_files":[{"sha256":"9d765d7c1621562a0c7710d0b6db8cc3e4544ed25cd58b296eb937803355d905","path":"bittensor_burn_message/defaults.env","tlsh":"cdd02b12466cfb52ad025d11601aa25d50dd551fbf12c2d0a35b42c7b4514e646fe3a9"},{"sha256":"108b1b1689581d382e10625dd4c3980f2e6d2cb7e60e4376e63f347e5668041c","path":"bittensor_burn_message/core.pyx","tlsh":"c563d609ea292c37d7a7c63d8e47d102621abc970e147434bddca6682f8917ac1f57ec"}],"package_integrity":[{"filename":"bittensor_burn_message-1.0.1.tar.gz","hashes":{"sha256":"2bc371ab68a1a9e9653109762693b51765fead6a4722dc833fe58517ee587046","md5":"6f918c3b2834af8493ecdefe96b67dc6","blake2b_256":"e73ee1b2b3879de8ae244d988551cb07857b905e7d8b96ab38a83a710c6be904"}}]},"cwes":[{"description":"The product contains code that appears to be malicious in nature.","name":"Embedded Malicious Code","cweId":"CWE-506"}]}}],"schema_version":"1.7.5","credits":[{"name":"Amazon Inspector","contact":["inspector-research@amazon.com"],"type":"FINDER"},{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}