OSV-MAL-2026-5680

Malicious code in bittensor-burn-message (PyPI)

--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (f574e414f35843b11dbb52cd921ce2f2e57f6292845d4770256bea17b41d86e8) Package targets Bittensor (BIP-39) wallet holders. On import, defaults.env loads a hardcoded TELEGRAM_BOT_TOKEN (8666228137) and TELEGRAM_CHAT_ID (8766781014) into the process environment; PACKAGE_OVERRIDE_KEYS prevents users from overriding these via their own.env. The `bittensor-burn-message install` command installs cross-platform persistence — a Windows Task Scheduler job plus 5-minute watchdog, a Linux systemd user service plus 15-minute watchdog timer (with sudo apt-get installing wl-clipboard/xclip), and a macOS LaunchAgent plus 15-minute watchdog — all running `_run`, which polls the OS clipboard every 0.5s. Clipboard contents matching exactly 12 or 24 whitespace-separated words (BIP-39 mnemonic lengths) are deduplicated by fingerprint and POSTed to https://api.telegram.org/bot<token>/sendMessage at the hardcoded chat. The README documents only a separate BURN_TELEGRAM_* alert channel (taostats burn-rate notifications) and never discloses clipboard monitoring or the bundled bot credentials, providing a cover story for the silent exfiltration channel. defaults.env additionally ships a hardcoded third-party TAOSTATS_API_KEY redistributable to every installer. ## Source: kam193 (9f944487719b66d8096157672796e641c5d1417d5ab6f9ec40c22da781727c1b) The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. The targeted data are likely cryptocurrency secret seed phrases. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-clip-logger Reasons (based on the campaign): - clipboard-stealing - crypto-related