MAL-2026-5293

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/clip-logger/MAL-2026-5293.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5293
Published
2026-06-07T10:34:10Z
Modified
2026-06-07T11:31:25.027459020Z
Summary
Malicious code in clip-logger (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (7312e6acb4d804a2f8c6d69204ddaea15aa5bcc57109b4b362027f7fc0e43dc2)

The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. Early versions contain this behavior mentioned in the README. The targeted data are likely cryptocurrency secret phrases.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-clip-logger

Reasons (based on the campaign):

  • clipboard-stealing

  • crypto-related

Database specific 
{
    "malicious-packages-origins": [
        {
            "sha256": "7312e6acb4d804a2f8c6d69204ddaea15aa5bcc57109b4b362027f7fc0e43dc2",
            "source": "kam193",
            "modified_time": "2026-06-07T10:34:10.675855Z",
            "id": "pypi/2026-06-clip-logger/clip-logger",
            "import_time": "2026-06-07T11:14:54.021863435Z",
            "versions": [
                "1.0.0",
                "1.0.1",
                "1.0.2",
                "1.0.3",
                "1.0.4",
                "1.1.0",
                "1.1.1",
                "1.1.2"
            ]
        }
    ]
}
References
Credits

Affected packages

PyPI / clip-logger

Package

Name
clip-logger
View open source insights on deps.dev
Purl
pkg:pypi/clip-logger

Affected ranges

Affected versions

1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.1.2

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/clip-logger/MAL-2026-5293.json"