MAL-2026-5311

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-monitor/MAL-2026-5311.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5311
Published
2026-06-08T10:34:54Z
Modified
2026-06-11T08:01:34.096978145Z
Summary
Malicious code in bittensor-burn-monitor (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (9d4b7067997b5bc9822e964b16a3b4e78b5ec637086732d143889e577fa2d886)

bittensor-burn-monitor advertises itself as a Bittensor subnet burn-rate monitor but ships a covert clipboard logger that exfiltrates installers' clipboard contents to a hardcoded Telegram destination. The package's logic is shipped only as compiled Cython binaries (bittensorburnwatch/core.cpython-310-.so, burn_watch.cpython-310-.so) with a thin init.py that re-exports main; no Python source is provided. The compiled module's own internal documentation describes it as a 'clipboard logger', exposes routines to 'Read clipboard via Win32 API', 'Pick the first working Linux clipboard backend', and run an exclusive daemon that polls the clipboard and sends each capture as a Telegram message. A bundled defaults.env hardcodes a single attacker-controlled bot token and chat ID (TELEGRAM_BOTTOKEN=8666228137:AAFNLMrow4cDf3uEJCl3JY7DeBHtovd1TU, TELEGRAMCHATID=8766781014) so every installer reports to the same destination. The package additionally installs cross-platform persistence so the clipboard daemon survives reboots and respawns if killed — Windows Task Scheduler entries configured to run regardless of battery/time limits with a 15-minute watchdog, a Linux systemd user service + timer, and a macOS LaunchAgent with KeepAlive — and on Linux it silently invokes apt/dnf/pacman to install wl-clipboard/xclip without user prompt to enable clipboard access. Targets Bittensor subnet operators, whose clipboards routinely contain wallet mnemonics, validator hotkeys, and API tokens. Clipboard capture, the Telegram destination, and the autostart persistence are all undisclosed in the README.

Source: kam193 (b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9)

The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. Early versions contain this behavior mentioned in the README. The targeted data are likely cryptocurrency secret phrases.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-clip-logger

Reasons (based on the campaign):

  • clipboard-stealing

  • crypto-related

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "import_time": "2026-06-08T11:41:02.5132039Z",
            "modified_time": "2026-06-08T10:34:54.639889Z",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "sha256": "b6f3a79211950df5f7a41e4b0845733e4ec71f253c1f0e6c2d3fa9049c1de1a9",
            "source": "kam193"
        },
        {
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "import_time": "2026-06-08T13:34:40.934613732Z",
            "modified_time": "2026-06-08T13:13:47.452895Z",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "sha256": "821b859da75ef3ab42615fec48ca522c7e3508af147af7af5759e2277964413c",
            "source": "kam193"
        },
        {
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "import_time": "2026-06-08T15:12:45.406026684Z",
            "modified_time": "2026-06-08T13:41:27.668745Z",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "sha256": "8e00f9218fb5589a0956bfc25343fde68b64422703baae22a4c1bf03e5dff0f0",
            "source": "kam193"
        },
        {
            "versions": [
                "1.5.0",
                "1.5.3",
                "1.5.5",
                "1.6.0",
                "1.6.3",
                "1.6.5",
                "1.7.0"
            ],
            "import_time": "2026-06-08T19:19:19.162340616Z",
            "modified_time": "2026-06-08T13:41:27.668745Z",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-monitor",
            "sha256": "7490be61e057111c7718843cb02f8ee924969393cdef5c83255d4d44bc2fbced",
            "source": "kam193"
        },
        {
            "versions": [
                "1.5.5"
            ],
            "import_time": "2026-06-11T07:49:36.702481669Z",
            "modified_time": "2026-06-11T06:47:31Z",
            "id": "IN-MAL-2026-005649",
            "sha256": "65535357026e6d116c2b6ba4e1439fb27a7bfc9f0b0e9f8ad451bfc165b7e2e3",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.6.5"
            ],
            "import_time": "2026-06-11T07:49:35.983797413Z",
            "modified_time": "2026-06-11T06:47:27Z",
            "id": "IN-MAL-2026-005643",
            "sha256": "98931441510cfd39d8d4af18bbfe35489c57cbcf5c19c34cc7be014dab7b72e3",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.6.3"
            ],
            "import_time": "2026-06-11T07:49:36.318468273Z",
            "modified_time": "2026-06-11T06:47:30Z",
            "id": "IN-MAL-2026-005646",
            "sha256": "9d4b7067997b5bc9822e964b16a3b4e78b5ec637086732d143889e577fa2d886",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.5.3"
            ],
            "import_time": "2026-06-11T07:49:36.625523884Z",
            "modified_time": "2026-06-11T06:47:31Z",
            "id": "IN-MAL-2026-005648",
            "sha256": "0320adfd23bf0dc4511464240ed9065a20af0359199fc3a40cb84dcda5173cd2",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.6.0"
            ],
            "import_time": "2026-06-11T07:49:36.480265988Z",
            "modified_time": "2026-06-11T06:47:30Z",
            "id": "IN-MAL-2026-005647",
            "sha256": "0e1c506bb7e3efe88a67bf774edfc69fbcbf08b06a0f60f6aa1522ad34bb5382",
            "source": "amazon-inspector"
        },
        {
            "versions": [
                "1.5.0"
            ],
            "import_time": "2026-06-11T07:49:36.953337914Z",
            "modified_time": "2026-06-11T06:47:34Z",
            "id": "IN-MAL-2026-005651",
            "sha256": "5a71d05cbac17746808a6d85a119f48095acd900bd4acf86edc577d75ae97029",
            "source": "amazon-inspector"
        }
    ]
}
References
Credits

Affected packages

PyPI / bittensor-burn-monitor

Package

Name
bittensor-burn-monitor
View open source insights on deps.dev
Purl
pkg:pypi/bittensor-burn-monitor

Affected ranges

Affected versions

1.*
1.5.0
1.5.3
1.5.5
1.6.0
1.6.3
1.6.5
1.7.0

Database specific

source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-monitor/MAL-2026-5311.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    },
    {
        "name": "Embedded Malicious Code",
        "description": "The product contains code that appears to be malicious in nature.",
        "cweId": "CWE-506"
    }
]
indicators
{
    "package_integrity": [
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp310-cp310-macosx_11_0_arm64.whl",
            "hashes": {
                "md5": "d66fbd348f9837926974f0b0722a486e",
                "blake2b_256": "28f4efbba86483317cec0c236df3b05de48f9f8e1160c9c303f39741da825f04",
                "sha256": "ba809eaa00b11e75b6df24756f41cf0e17d2e88c06c73594b16b8e5185e999a7"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
            "hashes": {
                "md5": "b29f951205a309bd9c01c2e850fd9c1e",
                "sha256": "37d7290cbf76b841505a90c6ea07cfcb0d39e300c776f728be0392da5126f1f5",
                "blake2b_256": "5ff1a0852cf8d6e112df5a2ca0029cbc6810786159d69034b124f81fea02756b"
            }
        },
        {
            "hashes": {
                "md5": "0a467323ee7ec8019c0f3f07c076c220",
                "sha256": "361f3edeb12b926f8b1c71144134ddbfb82b5c5d3c0754740110121d499eff7a",
                "blake2b_256": "e4368450391955557babab7d40505b1f0a373ded6fb9dd1b56b5764998bae651"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl"
        },
        {
            "hashes": {
                "md5": "9da3a1ae6b6063d5035935ab993b87f7",
                "sha256": "9cad3cc6020e25db70ee6bfb98a143d8bee4be7c8e41c8ade907f2d61e0d7b11",
                "blake2b_256": "1286817b53dcf660e74cb0f48971e4d3dec31d9e83cc0fbdf835672c0215fecd"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp310-cp310-win32.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp310-cp310-win_amd64.whl",
            "hashes": {
                "md5": "6c2d98cfea70b9a586fd55d501e385c6",
                "sha256": "828b30b3d5fbf93a1345f53f0a98db922f2ddd8be86c3251ed0e7c97bbf3b620",
                "blake2b_256": "d4f303a54d24894f433607e9f5730c8f269abfc31fb218bc30791a87d3e7cdce"
            }
        },
        {
            "hashes": {
                "md5": "bb25cca8258a274ea67f822ac670b515",
                "sha256": "e45d93a9382073caa4b544a92c7eb369632c244b401b3209e59abb0ba5004a77",
                "blake2b_256": "74149e487ffca6c427cf113194b904f14ea09265cc3981e8b8df80e39889cea9"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp311-cp311-macosx_11_0_arm64.whl"
        },
        {
            "hashes": {
                "md5": "2af1a37d3d9c30d344f3d56891923c88",
                "sha256": "95bdeabd882d0e1d11c87abadac649dc5b9565943440e98cbb8b23634c9f424e",
                "blake2b_256": "0cc419791f6e8dfc5f41a98f34450254499b78e171c4caa1a98dd56882fcdc6f"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl",
            "hashes": {
                "md5": "33c91225b5ec002ca2eb7bdf2faf8ded",
                "blake2b_256": "82b27b30683dd8cd9d74a36ff8577c96fa71fe91a9e0fc08b8802be55897a978",
                "sha256": "6368ce5eb04b0d334c32247a8da50dded676db98892ee686b4d1ad6df2f8c720"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp311-cp311-win32.whl",
            "hashes": {
                "md5": "fc8dab62ddfcc958f8df365e4deaa5a0",
                "blake2b_256": "ad2a1dd4bc5d9bc014c88e696884c8925ed3e46a6ef9129c366cfd642ea81f81",
                "sha256": "af0c022750b52e6000f58d0f08d9f8a1abd13e1d50fe609c1881d5a4e172053e"
            }
        },
        {
            "hashes": {
                "md5": "f2febaf0d5c7206160c78b981c5dcd3a",
                "blake2b_256": "524296b27b7a6d12a17bec0529745eebdb8b220d51c12f8186d59802a433449b",
                "sha256": "3d86cf7e278d5a73105a8beb76c4c5129c3b55f111dff0b5dd593986eafe9cec"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp311-cp311-win_amd64.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp312-cp312-macosx_11_0_arm64.whl",
            "hashes": {
                "md5": "7b2a903b09c79af68938c44a954373d7",
                "sha256": "77b58cac830e9a2e9d5e1f3ca5f545556c2df455777d19693c8ab23b536dd556",
                "blake2b_256": "1bfee028afce12206b77529b608b4d76b0d40a55515666e918eb93fa75168fb6"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
            "hashes": {
                "md5": "e2c6aecde4a72685f2df14a092a58b74",
                "sha256": "1f304fe7d2e7d84599fadecc9d291a487d120e409e9124ee5ab36d3def76781f",
                "blake2b_256": "3f0e46afb2e0df1fc3a326bb994482609b4f9cac151a501ed9a8f15d56d6c53a"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl",
            "hashes": {
                "md5": "0b0204651faff203d12b698b02c82e26",
                "blake2b_256": "bea76f51513bcc856e86bd864247d902aff65d6a6958df529a68e5897c80b16d",
                "sha256": "ba3a15ba1de8f4d4f24039b5833a7226895c407ae1a51698c61fa3b45a83e1dc"
            }
        },
        {
            "hashes": {
                "md5": "a6e52d09207bc6396b6a619f174e19d0",
                "blake2b_256": "d84878f86bd4ec56c4c528b672aae2fab823e576c580a867608db38ebd2f7099",
                "sha256": "cd486a0117de50675e0ae6eb415ca0bf44f076679f03902f85c549490480797e"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp312-cp312-win32.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp312-cp312-win_amd64.whl",
            "hashes": {
                "md5": "f8d69e08fbb07f77009ae3196fad271d",
                "sha256": "42db970d38f82684c46ce0dc7b90ef878496952b145d25c6feacdd65dc7a7c12",
                "blake2b_256": "90488aa8b119ef1129ba12e55a19b161708a54aa74a2e79f8f0bf223674c42ec"
            }
        },
        {
            "hashes": {
                "md5": "596067df3905e66ef67b2ca05b676128",
                "sha256": "157a04e8d36695b6b2bac821575d56ff0b7f6244f758d0a6e9afd455ae1a9101",
                "blake2b_256": "c3a3d69c19d5ebd97245644f4b2176e9b3aa80eaaa9d7c9714b466888a4fcd8a"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp313-cp313-macosx_11_0_arm64.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
            "hashes": {
                "md5": "43701bb9a0efae80930d834ab3ad21d1",
                "blake2b_256": "0a13144436a0933eaef16fc3d6d465d3586835f5f42c995e61707c8a468a897e",
                "sha256": "26c92c20d26dcfe091925e1ef636bb997db1dd828e1c94311fea532d7c55f106"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl",
            "hashes": {
                "md5": "8307a75c8efa9599e4e3a7b283e337cd",
                "sha256": "e721a894f6ad57b795fc8381515ca6a8969ecf4e1f362f90f13158101d1f564d",
                "blake2b_256": "7614ad70100493263af8d3e4c590a20cfab509a8c5e0ba8e7b850ceeea543638"
            }
        },
        {
            "hashes": {
                "md5": "17dc3d6eaba2447b44785bba650f0407",
                "blake2b_256": "6b855fda0b9abe7e245f4c68935469662227e483034ea1f5cf864c23cf1d48bf",
                "sha256": "821664c4961472e4def9bf1309015701fbb231e1e98085bd92931a8ecdf697fa"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp313-cp313-win32.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp313-cp313-win_amd64.whl",
            "hashes": {
                "md5": "3d7b58904a8b1d52fa7d1a5256adac3d",
                "sha256": "4cf8cf6d7de223c4f9e9d50148455b53b5a2ee83b891c6d2fc0b5a447f870cd7",
                "blake2b_256": "016d0a08b5c15e9bd68fe166a9c05a2bbe50afd4e938cabe8cc35c624af8b0ca"
            }
        },
        {
            "hashes": {
                "md5": "ee98e2509408ab3bd68ef67e1fbdc999",
                "blake2b_256": "eebc641c27934134761acf0b339ec1648c3459e3c3dcbe7561b7fb81fbd7370a",
                "sha256": "ea82ac798c091b84227b1def27acb27222fb02c71882044a80cf9e640a1465d5"
            },
            "filename": "bittensor_burn_monitor-1.5.5-cp39-cp39-macosx_11_0_arm64.whl"
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
            "hashes": {
                "md5": "1334c6c82a7b3246f13cb4bc08dfb05c",
                "blake2b_256": "8f1fee9eb0214675ce2e6087e0999e84b5abe20496b1ef269484ed95e391bc8f",
                "sha256": "162b934239d731d0a901c19705b0f4a3efb7f89c4e5b9898db5ffcea01e26703"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl",
            "hashes": {
                "md5": "221432736e120b6266cff046dd022e53",
                "sha256": "332f4c87eddde526d29db9275acd446b0e97a396a7f2d80453ee591a038759af",
                "blake2b_256": "afe9f3e9bb61979e0a3d419c1ace34acf07a353380e06acb30899f0c9afb4f62"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp39-cp39-win32.whl",
            "hashes": {
                "md5": "3eeffba3fe1a60f915f3d2cff2f9a36f",
                "sha256": "d281a85d524fa63870ebc930fc951c76575620c84b8ca2314058ca7c68045d9c",
                "blake2b_256": "76ccc84547ae17990b19d9b07d3fc1699017a502d69e42fd648828da18f02825"
            }
        },
        {
            "filename": "bittensor_burn_monitor-1.5.5-cp39-cp39-win_amd64.whl",
            "hashes": {
                "md5": "0276c726e84cbefe9360fd93dacabdc9",
                "blake2b_256": "fe5e557e00f0e05c2ae737c674e43bfe6f7423b779d493394ca8cd193241fc2b",
                "sha256": "c302c1eb6a665d321f92e34d44948c013af3288bb133cfbe9dd303f713cb0110"
            }
        }
    ],
    "evidence_files": [
        {
            "path": "bittensor_burn_watch/defaults.env",
            "sha256": "9d765d7c1621562a0c7710d0b6db8cc3e4544ed25cd58b296eb937803355d905",
            "tlsh": "cdd02b12466cfb52ad025d11601aa25d50dd551fbf12c2d0a35b42c7b4514e646fe3a9"
        },
        {
            "path": "bittensor_burn_watch/core.cpython-310-darwin.so",
            "sha256": "69d737c63e70fe304bfdf46a8caf3e7a0ac6bccdf6cdb272137c9d136c6ce07f",
            "tlsh": "a605e762e3bd3d01c69bb7be7b1c4299260df5a80b38c09e2c1c252c9ed5b154a775b3"
        },
        {
            "path": "bittensor_burn_monitor-1.5.5.dist-info/METADATA",
            "sha256": "0cf56bbeedb99bcac2047766f3dc5291500f11dcf595f8e87d517a6a634d9b88",
            "tlsh": "e8712021b980427e3b65b3776e198b006951c0647ed8b89c34ee9537af03729c2bd23d"
        }
    ]
}