Vulnerability
Malicious code in tao-subnet-metrics (PyPI)
---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad)

Package advertises itself as a Bittensor (TAO) subnet burn-rate Telegram alert tool, but the compiled extension `tao_subnet_metrics/core.cpython-310-darwin.so` contains an undocumented clipboard-polling daemon (symbols/docstrings: `_clipboard_fingerprint`, `_normalize_clipboard_text`, `_valid_clipboard_text`, `Start clipboard daemon if not running`, `Exclusive lock so only one _run daemon polls clipboard`, `Send Telegram for a phrase. Skips if already sent.`). The package's `install` subcommand registers persistent auto-start via systemd / LaunchAgent / Task Scheduler (documented as starting the burn monitor), which also launches the hidden clipboard daemon. `tao_subnet_metrics/defaults.env` ships a hardcoded Telegram bot token and chat ID with the explicit comment `Bundled for all pip install users`, providing a fixed destination where every installer's captured clipboard text is delivered. Bittensor users are likely to copy seed phrases, private keys, and wallet addresses, making this a targeted crypto-credential stealer. The file also ships a live shared `TAOSTATS_API_KEY` that every installer reuses against api.taostats.io.

## Source: kam193 (44c02c7d26966977484e832411f5e67d97a9ac1795dbe2fed5d7aa7dcaeceb3f)

The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and, if the content matches the pattern, exfiltrate it. The targeted data are likely cryptocurrency secret seed phrases.

---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-clip-logger
Reasons (based on the campaign):
- clipboard-stealing
- crypto-related
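The two reports above give concrete, static indicators a defender can look for in an installed copy of the package: the clipboard-daemon docstrings embedded in the native extension, and the `defaults.env` file that bundles a Telegram bot token, chat ID and the shared `TAOSTATS_API_KEY`. The scanner below is an added example written for this page, not code from the advisory sources or from the package itself. It walks a package directory, searches compiled extensions for the docstrings quoted in the advisory and text files for bundled secrets, and returns the findings. The Telegram-token regular expression, the `TELEGRAM_BOT_TOKEN` / `TELEGRAM_CHAT_ID` variable names, the sample file contents and the placeholder credential values are all assumptions constructed for the demonstration; only `TAOSTATS_API_KEY`, the `.so` file name and the docstrings come from the advisory.

```python
import re
import tempfile
from pathlib import Path

# Docstrings quoted in the amazon-inspector report for core.cpython-310-darwin.so.
CLIPBOARD_STRINGS = (
    b"_clipboard_fingerprint",
    b"_normalize_clipboard_text",
    b"_valid_clipboard_text",
    b"Start clipboard daemon if not running",
    b"Exclusive lock so only one _run daemon polls clipboard",
    b"Send Telegram for a phrase. Skips if already sent.",
)

# Variable names to flag in env-style files. TAOSTATS_API_KEY is named in the
# advisory; the two TELEGRAM_* names are assumptions for this example.
SECRET_KEY_NAMES = ("TELEGRAM_BOT_TOKEN", "TELEGRAM_CHAT_ID", "TAOSTATS_API_KEY")

# Approximate shape of a Telegram bot token (<numeric bot id>:<35-char secret>).
# This pattern is an assumption for illustration, not taken from the advisory.
TELEGRAM_TOKEN_RE = re.compile(r"\b\d{8,10}:[A-Za-z0-9_-]{35}\b")

# Extensions treated as native binaries; .so is from the advisory, the rest are assumed.
NATIVE_SUFFIXES = (".so", ".pyd", ".dylib")


def scan_package_tree(root):
    """Walk an installed package directory and return a list of findings.

    Each finding is (relative_path, indicator). Native binaries are searched
    for the known docstrings; everything else is searched for bundled secrets.
    """
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        if path.suffix in NATIVE_SUFFIXES:
            for marker in CLIPBOARD_STRINGS:
                if marker in data:
                    findings.append((rel, "clipboard-daemon-string:" + marker.decode()))
        else:
            text = data.decode("utf-8", errors="replace")
            if TELEGRAM_TOKEN_RE.search(text):
                findings.append((rel, "hardcoded-telegram-bot-token"))
            for name in SECRET_KEY_NAMES:
                if re.search(rf"^\s*{name}\s*=\s*\S+", text, re.MULTILINE):
                    findings.append((rel, "bundled-secret:" + name))
    return findings


def build_sample_tree(base):
    """Constructed sample mirroring the file layout named in the advisory.

    The bytes in the fake extension and the credential values are placeholders
    made up for this example; they are not real secrets or real binary content.
    """
    pkg = Path(base) / "tao_subnet_metrics"
    pkg.mkdir(parents=True, exist_ok=True)
    (pkg / "__init__.py").write_text("from .core import *\n")
    # Fake compiled extension: a few bytes with two of the advisory's docstrings embedded.
    blob = (
        b"\x7fELF" + b"\x00" * 16
        + b"Start clipboard daemon if not running\x00"
        + b"_clipboard_fingerprint\x00"
    )
    (pkg / "core.cpython-310-darwin.so").write_bytes(blob)
    (pkg / "defaults.env").write_text(
        "# Bundled for all pip install users\n"
        "TELEGRAM_BOT_TOKEN=1234567890:" + "A" * 35 + "\n"
        "TELEGRAM_CHAT_ID=-1000000000000\n"
        "TAOSTATS_API_KEY=PLACEHOLDER_API_KEY\n"
    )
    return pkg


def demo():
    """Build the constructed sample in a temp dir, scan it, return the indicators hit."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [indicator for _, indicator in scan_package_tree(tmp)]


if __name__ == "__main__":
    for indicator in demo():
        print(indicator)
```

Point `scan_package_tree` at the package's directory under `site-packages` to check a real install. The docstring matches are the strongest signal because they identify the daemon code itself; the token regex is intentionally loose and will also fire on legitimate bundled credentials, so treat it as a prompt to read the file rather than a verdict. Persistence registered by the `install` subcommand (systemd unit, LaunchAgent plist, scheduled task) is not covered here and should be checked separately when cleaning up an affected host.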
No exploitation, limited impact or prevalence