THREATPKG

Supply-chain threat intelligence

Incident detail

critical · pypi · obfuscation · osv

Malicious code in selfservsweeper (PyPI)

selfservsweeper

Risk score

92

AI summary

Indexed incident for selfservsweeper (pypi).

Description


-= Per source details. Do not edit below this line. =-

Source: amazon-inspector (81843a6f21fe31627b1e97fdb8ffe41789c1f921c60512347bbf2b0c2fb30121)

Package self-describes as a 'Touch-friendly Minesweeper overlay for NCR SelfServ kiosks', but the advertised CLI entrypoints (selfservsweeper, selfservsweeper-cli) call run_app() which auto-spawns python -m selfservsweeper.selfservclient as a side process. That module long-polls https://api.telegram.org/bot<redacted>/ using a hardcoded bot token shipped in src/selfservsweeper/api_url.pkl, accepts commands prefixed B2B1: from the Telegram channel @selfservserverbot, and executes attacker-supplied 'jobs'.

The job handler in selfservclient.py includes a /file <path> directive that writes attacker-supplied content to disk, and send_file_result reads any path field from a job result and uploads the raw bytes back to Telegram via sendDocument — a bidirectional read/write file primitive on the installer's machine. The Telegram bot token is identical for every install, so anyone who unpacks the wheel inherits command authority over every running instance.

grammarly.py additionally loads bundled .pkl artifacts (levenshtein.pkl, user_config_tempdir.pkl) via pickle.load and binds the resulting callables as edit_distance_cls and Sandbox._is_valid_path, invoking them on attacker-controlled job text — an obfuscation channel for arbitrary code reduction.

The install --enable-startup subcommand (and the GUI 'Enable' button) writes %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\SelfServSweeper.vbs, persisting the supervisor (and thus the Telegram client) across logins, and the supervisor's auto-update path pip installs the package on every boot to keep the backdoor live and self-updating.

The minesweeper UI is cover; the package's effect on any installer who runs the advertised binary is a persistent, attacker-controlled remote command channel with file read/write reach.

Source: kam193 (261d2d72c05ac44f1cc977e3ec5e1f42ff1634f80b06a4b84b62e9079b8de8db)

When used, the package executes remote commands disguised as OCR job requests.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-selfservsweeper

Reasons (based on the campaign):

  • obfuscation

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

  • persistence

  • backdoor

Technical details

Affected versions


Indicators

  • affected_version (75%)

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents