---

-= Per source details. Do not edit below this line.=-

Source: kam193 (1b11035719acc6b849ae1ecc983db8841fd3676b4628ebcef0a24392d872eb5e)

The code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-polymarket-data-fetcher

Reasons (based on the campaign):

• peristence-autorun

• obfuscation

• crypto-related

• The package contains code to detect if it is running in a sandbox environment.

• clipboard-modify

• persistence