THREATPKG
SYNC STALE
Supply-chain threat intelligence
Incident detail
Risk score
92
AI summary
Indexed incident for clip-logger (pypi).
Description
The package contains code to steal clipboard content to a predefined remote location. If run in the right way, the code will periodically check the clipboard and if the content matches the pattern, exfiltrates it. Early versions contain this behavior mentioned in the README. The targeted data are likely cryptocurrency secret phrases.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-06-clip-logger
Reasons (based on the campaign):
clipboard-stealing
crypto-related
Technical details
Indicators
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
- affected version<function fixed() { [native code] }75%
Timeline
- Advisory published
- Indexed by ThreatPkg
Related incidents
- Malicious code in bittensor-burn-watch (PyPI)bittensor-burn-watch92
- Malicious code in executable-stories-jest (npm)executable-stories-jest92
- Malicious code in wrangler-deploy (npm)wrangler-deploy92
- Malicious code in node-env-resolver (npm)node-env-resolver92
- Malicious code in node-env-resolver-vite (npm)node-env-resolver-vite92