Vulnerability
Malicious code in bittensor-burn-watch (PyPI)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (16180f1609731d35398f11dbfcb328826d2e39a7acf42fc256b563512645e6e5) Package advertises itself as a Bittensor subnet burn-rate monitor but bundles a live TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID in bittensor_burn_watch/defaults.env that the maintainer's own example file labels as 'Clipboard alerts (admin Telegram)' and notes 'Pip users get these automatically — they do not edit these themselves'. The Telegram chat ID is admin-controlled, so every installer's outbound alert traffic is routed to a destination the maintainer owns and the installer cannot see or change. All actual functionality lives in two Cython-compiled.so files (core.cpython-310-x86_64-linux-gnu.so 6.2 MB and burn_watch.*.so 2.3 MB); the only readable Python is a 107-byte __init__.py and a 77-byte __main__.py that re-export `main` from the compiled binary. With a python-xlib dependency on Linux providing X11 clipboard/selection access, the binary-only distribution prevents installers from auditing what data the package reads from their machine and sends to the maintainer's Telegram. Independently, defaults.env also ships a live third-party Taostats API key (tao-e9b3d1d9-...) to every installer, marked 'bundled; users never set this' — this both leaks the maintainer's own quota/billing identity and turns every install into a free proxy for that account. The combination of hardcoded maintainer-owned destination, 'clipboard alerts' framing in the maintainer's own documentation, advertised purpose (burn monitoring) that does not require clipboard access, and unreviewable compiled-binary logic constitutes a silent-relay supply-chain risk. ## Source: kam193 (37d97a9ef438df1fa515bb24b5258267bc116057a0c8bcc25c4407ed0bfe477c) The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. Early versions contain this behavior mentioned in the README. The targeted data are likely cryptocurrency secret seed phrases. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-clip-logger Reasons (based on the campaign): - clipboard-stealing - crypto-related
No CVSS base score from NVD or GHSA yet. NVD typically scores within 24–72 hours of publication; GHSA usually within a day for OSS-flagged CVEs. Last record update .
For interim severity, fall back on KEV / EXPLOIT signals and the EPSS percentile (lower panel). Re-check this CVE after one cron tick — the score lands automatically when the source publishes.
FIRST.org publishes EPSS daily. Coverage isn't universal — pre-disclosure CVEs and reserved IDs don't carry an EPSS score until at least one exploitation signal lands. Score will appear within 24 hours of the next EPSS pull.
No exploitation, limited impact or prevalence