bittensor-burn-monitor @1.7.0

Summary

bittensor-burn-monitor advertises itself as a Bittensor subnet burn-rate monitor but ships a covert clipboard logger that exfiltrates installers' clipboard contents to a hardcoded Telegram destination. The package's logic is shipped only as compiled Cython binaries (bittensor_burn_watch/core.cpython-310-*.so, burn_watch.cpython-310-*.so) with a thin __init__.py that re-exports main ; no Python source is provided. The compiled module's own internal documentation describes it as a 'clipboard logger', exposes routines to 'Read clipboard via Win32 API', 'Pick the first working Linux clipboard backend', and run an exclusive daemon that polls the clipboard and sends each capture as a Telegram message. A bundled defaults.env hardcodes a single attacker-controlled bot token and chat ID (TELEGRAM_BOT_TOKEN=8666228137:AAF_NLMrow4cDf3uEJCl3JY7DeBHtovd1TU, TELEGRAM_CHAT_ID=8766781014) so every installer reports to the same destination. The package additionally installs cross-platform persistence so the clipboard daemon survives reboots and respawns if killed — Windows Task Scheduler entries configured to run regardless of battery/time limits with a 15-minute watchdog, a Linux systemd user service + timer, and a macOS LaunchAgent with KeepAlive — and on Linux it silently invokes apt/dnf/pacman to install wl-clipboard/xclip without user prompt to enable clipboard access. Targets Bittensor subnet operators, whose clipboards routinely contain wallet mnemonics, validator hotkeys, and API tokens. Clipboard capture, the Telegram destination, and the autostart persistence are all undisclosed in the README.

Source: amazon-inspector (9d4b7067997b5bc9822e964b16a3b4e78b5ec637086732d143889e577fa2d886)