MAL-2026-5311

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-monitor/MAL-2026-5311.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2026-5311

Published

2026-06-08T10:34:54Z

Modified

2026-06-08T19:30:52.192660421Z

Summary

Malicious code in bittensor-burn-monitor (PyPI)

Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9)

The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. Early versions contain this behavior mentioned in the README. The targeted data are likely cryptocurrency secret phrases.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-clip-logger

Reasons (based on the campaign):

clipboard-stealing
crypto-related

Database specific

{
    "malicious-packages-origins": [
        {
            "modified_time": "2026-06-08T10:34:54.639889Z",
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "sha256": "b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "source": "kam193",
            "import_time": "2026-06-08T11:41:02.5132039Z"
        },
        {
            "modified_time": "2026-06-08T13:13:47.452895Z",
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "sha256": "821b859da75ef3ab42615fec48ca522c7e3508af147af7af5759e2277964413c",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "source": "kam193",
            "import_time": "2026-06-08T13:34:40.934613732Z"
        },
        {
            "modified_time": "2026-06-08T13:41:27.668745Z",
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "sha256": "8e00f9218fb5589a0956bfc25343fde68b64422703baae22a4c1bf03e5dff0f0",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "source": "kam193",
            "import_time": "2026-06-08T15:12:45.406026684Z"
        },
        {
            "modified_time": "2026-06-08T13:41:27.668745Z",
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "sha256": "7490be61e057111c7718843cb02f8ee924969393cdef5c83255d4d44bc2fbced",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "source": "kam193",
            "import_time": "2026-06-08T19:19:19.162340616Z"
        }
    ]
}

References

https://bad-packages.kam193.eu/pypi/package/bittensor-burn-monitor

Credits

- Kamil Mańkowski (kam193) - REPORTER
- - https://github.com/kam193
  - https://bad-packages.kam193.eu/

Affected packages

PyPI / bittensor-burn-monitor

Package

Name: bittensor-burn-monitor; View open source insights on deps.dev
Purl: pkg:pypi/bittensor-burn-monitor

Affected ranges

Affected versions

1.*

1.5.0

1.5.3

1.5.5

1.6.0

1.6.3

1.6.5

1.7.0

Database specific

source

"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-monitor/MAL-2026-5311.json"