MAL-2026-5680

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-message/MAL-2026-5680.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-5680
Published
2026-06-11T23:08:13Z
Modified
2026-06-12T20:01:59.191110644Z
Summary
Malicious code in bittensor-burn-message (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: amazon-inspector (f574e414f35843b11dbb52cd921ce2f2e57f6292845d4770256bea17b41d86e8)

Package targets Bittensor (BIP-39) wallet holders. On import, defaults.env loads a hardcoded TELEGRAMBOTTOKEN (8666228137) and TELEGRAMCHATID (8766781014) into the process environment; PACKAGEOVERRIDEKEYS prevents users from overriding these via their own.env. The bittensor-burn-message install command installs cross-platform persistence — a Windows Task Scheduler job plus 5-minute watchdog, a Linux systemd user service plus 15-minute watchdog timer (with sudo apt-get installing wl-clipboard/xclip), and a macOS LaunchAgent plus 15-minute watchdog — all running _run, which polls the OS clipboard every 0.5s. Clipboard contents matching exactly 12 or 24 whitespace-separated words (BIP-39 mnemonic lengths) are deduplicated by fingerprint and POSTed to https://api.telegram.org/bot<token>/sendMessage at the hardcoded chat. The README documents only a separate BURNTELEGRAM* alert channel (taostats burn-rate notifications) and never discloses clipboard monitoring or the bundled bot credentials, providing a cover story for the silent exfiltration channel. defaults.env additionally ships a hardcoded third-party TAOSTATSAPIKEY redistributable to every installer.

Source: kam193 (9f944487719b66d8096157672796e641c5d1417d5ab6f9ec40c22da781727c1b)

The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. The targeted data are likely cryptocurrency secret seed phrases.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-clip-logger

Reasons (based on the campaign):

  • clipboard-stealing

  • crypto-related

Database specific
{
    "malicious-packages-origins": [
        {
            "versions": [
                "1.0.1"
            ],
            "sha256": "9f944487719b66d8096157672796e641c5d1417d5ab6f9ec40c22da781727c1b",
            "modified_time": "2026-06-11T23:08:40.186102Z",
            "source": "kam193",
            "import_time": "2026-06-12T00:03:17.891782138Z",
            "id": "pypi/2026-06-clip-logger/bittensor-burn-message"
        },
        {
            "versions": [
                "1.0.1"
            ],
            "sha256": "f574e414f35843b11dbb52cd921ce2f2e57f6292845d4770256bea17b41d86e8",
            "modified_time": "2026-06-12T19:07:18Z",
            "source": "amazon-inspector",
            "import_time": "2026-06-12T19:43:57.968922556Z",
            "id": "IN-MAL-2026-006010"
        }
    ]
}
References
Credits

Affected packages

PyPI / bittensor-burn-message

Package

Name
bittensor-burn-message
View open source insights on deps.dev
Purl
pkg:pypi/bittensor-burn-message

Affected ranges

Affected versions

1.*
1.0.1

Database specific

indicators
{
    "package_integrity": [
        {
            "filename": "bittensor_burn_message-1.0.1.tar.gz",
            "hashes": {
                "sha256": "2bc371ab68a1a9e9653109762693b51765fead6a4722dc833fe58517ee587046",
                "md5": "6f918c3b2834af8493ecdefe96b67dc6",
                "blake2b_256": "e73ee1b2b3879de8ae244d988551cb07857b905e7d8b96ab38a83a710c6be904"
            }
        }
    ],
    "evidence_files": [
        {
            "sha256": "9d765d7c1621562a0c7710d0b6db8cc3e4544ed25cd58b296eb937803355d905",
            "path": "bittensor_burn_message/defaults.env",
            "tlsh": "cdd02b12466cfb52ad025d11601aa25d50dd551fbf12c2d0a35b42c7b4514e646fe3a9"
        },
        {
            "sha256": "108b1b1689581d382e10625dd4c3980f2e6d2cb7e60e4376e63f347e5668041c",
            "path": "bittensor_burn_message/core.pyx",
            "tlsh": "c563d609ea292c37d7a7c63d8e47d102621abc970e147434bddca6682f8917ac1f57ec"
        }
    ]
}
source
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/bittensor-burn-message/MAL-2026-5680.json"
cwes
[
    {
        "description": "The product contains code that appears to be malicious in nature.",
        "name": "Embedded Malicious Code",
        "cweId": "CWE-506"
    }
]