mal-2026-4285
Vulnerability from ossf_malicious_packages
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (04c2f2ae400ee7411678735073e22d4c662de5653a4add84eaca159ed0ba004a)
Package self-describes as a Polymarket market-data analytics tool but ships a Windows clipboard monitor (src/polymarket_data_fetcher/_clipper/win_clip.py) that detects copied BTC/ETH/SOL/TRX/Polygon/BSC wallet addresses and silently overwrites them with attacker-controlled replacement addresses, redirecting cryptocurrency transfers to the attacker. The replacement address table and persistence configuration are stored as XOR-encrypted blobs (_W and _P) in src/polymarket_data_fetcher/_obf.py and decoded at runtime via eval() of a host-key-derived decryption, hiding the attacker wallets from static review. The package installs four redundant persistence vectors per platform: on Linux, ~/.config/autostart/data-fetcher.desktop, a user systemd service d-clipper-user.service, an appended background launcher line in ~/.bashrc/~/.profile, and an @reboot crontab entry; on Windows, an HKCU...\Run\DataFetcher registry value, a Startup-folder shortcut, an sc-created DataService service when admin, and a schtasks /sc onlogon /rl highest scheduled task named DataUpdater; on macOS, a ~/Library/LaunchAgents/com.datafetcher.plist with RunAtLoad, Folder Actions registration, and an osascript-added login item named 'Data Sync'. Every malicious code path is gated by an anti-analysis check (src/polymarket_data_fetcher/_utils.py) that enumerates VBoxManage, VMware, VirtualBox, QEMU, Wireshark, IDA, OllyDbg, Process Hacker and aborts on sandbox-shaped usernames — characteristic malware shape, never present in legitimate analytics tooling. The advertised fetch_market_data() function is a thin wrapper around polymarket.com/gamma/markets and exists only as cover; main.py invokes _bg_services() and an infinite sleep loop, so running the bundled polydata-fetcher CLI launches the clipper and persistence in the background. Author metadata is placeholder ('Data Analytics Team data-team@analytics.dev') with no real publisher identity.
Source: kam193 (1b11035719acc6b849ae1ecc983db8841fd3676b4628ebcef0a24392d872eb5e)
The code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence.
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-polymarket-data-fetcher
Reasons (based on the campaign):
-
peristence-autorun
-
obfuscation
-
crypto-related
-
The package contains code to detect if it is running in a sandbox environment.
-
clipboard-modify
-
persistence
- CWE-506 - The product contains code that appears to be malicious in nature.
{
"affected": [
{
"database_specific": {
"cwes": [
{
"cweId": "CWE-506",
"description": "The product contains code that appears to be malicious in nature.",
"name": "Embedded Malicious Code"
}
],
"indicators": {
"evidence_files": [
{
"path": "src/polymarket_data_fetcher/_clipper/win_clip.py",
"sha256": "39cec6c7d3842be4d8f0d1d03876ceded1c3a3278214d99ded288f57c2f4970a",
"tlsh": "c241325254ad5c62c233749f7813926227573d2f4d4838a43caceb145faa0ba50fb3b8"
},
{
"path": "src/polymarket_data_fetcher/_obf.py",
"sha256": "37ca07a4458697be9167019ec5f6c6dbc15d27178f15f69ad72103814779313a",
"tlsh": "d93142d39e6cd1e09796da081a0089a6124ce53b86db471cead5223bfb8842591f13f0"
},
{
"path": "src/polymarket_data_fetcher/_persist/linux_persist.py",
"sha256": "74f6c3db64a4e48351095749a4739752ada7ac7d86619051cfa7e1d38b7c0546",
"tlsh": "25a104f9a96a6971c3b3d37e8502c0d20e893c93da0b5474f4ec4561af89174c2b4f9e"
},
{
"path": "src/polymarket_data_fetcher/_persist/win_persist.py",
"sha256": "1db34ef26bc3e6d4e6418f8c184ba103fddb505f834a92b3f4c323957f46dbf6",
"tlsh": "b6a12265e9576931c723d1aa5006c4826bcb3c93a1496c35b6fc51b0bf450bac2fceeb"
},
{
"path": "src/polymarket_data_fetcher/_persist/darwin_persist.py",
"sha256": "6f8f578087ab222ff493821cc4bd5e694b5803788fdb7c4a9a852ad3e3e8b9c6",
"tlsh": "cf7132a5096e64b087e3e37a4546c0d31b8a7cd3ba0b5838f4fc54a0af455b582f4e9a"
},
{
"path": "src/polymarket_data_fetcher/_utils.py",
"sha256": "d3a43b20000ac539ee35ec1a280a71bec0be1face7e954f961ccca61793adec4",
"tlsh": "835100d7ea60685593e3d25a99478086125c6d33ce46ac38bddc1220ef2d55e83b0bfd"
},
{
"path": "pyproject.toml",
"sha256": "8d817d4cfb3808d70355f024f328eca1c9275b41f258bf1fb9aaaa0eda4d28a4",
"tlsh": "b221327bf8d62c258bc361c560a44a00fe7116233dd4d45e3bdb420c876d96750f9839"
}
],
"package_integrity": [
{
"filename": "polydata_analytics-1.3.0-py3-none-any.whl",
"hashes": {
"blake2b_256": "9e2f72d3d7362616aad360139874c7509e335785832be974dc593ef617f5df62",
"md5": "d5c886b3943d47bd84a04d9206e52231",
"sha256": "e4aa0f5f4ab1b9f85466f2cf5dc3b9d7b3595a633ef1a83fbedb75fcf3fa0cf6"
}
},
{
"filename": "polydata_analytics-1.3.0.tar.gz",
"hashes": {
"blake2b_256": "40067313ff97129f750b58478da47cf32adb0c128ccc783c40b76a0f6e6862d7",
"md5": "835efa0afc7ef927e71970ea9ebf8cb3",
"sha256": "bbd87e5884c65a95e50c914f937caf855d183535ede3274ce18b61bb3b57e49f"
}
}
]
}
},
"package": {
"ecosystem": "PyPI",
"name": "polydata-analytics"
},
"versions": [
"1.3.0",
"1.3.1"
]
}
],
"credits": [
{
"contact": [
"actran@amazon.com"
],
"name": "Amazon Inspector",
"type": "FINDER"
},
{
"contact": [
"https://github.com/kam193",
"https://bad-packages.kam193.eu/"
],
"name": "Kamil Ma\u0144kowski (kam193)",
"type": "REPORTER"
}
],
"database_specific": {
"malicious-packages-origins": [
{
"id": "pypi/2026-05-polymarket-data-fetcher/polydata-analytics",
"import_time": "2026-05-24T18:54:37.081463229Z",
"modified_time": "2026-05-24T18:32:49.982517Z",
"sha256": "1b11035719acc6b849ae1ecc983db8841fd3676b4628ebcef0a24392d872eb5e",
"source": "kam193",
"versions": [
"1.3.0",
"1.3.1"
]
},
{
"id": "IN-MAL-2026-004523",
"import_time": "2026-05-26T05:52:46.316096764Z",
"modified_time": "2026-05-24T18:22:39Z",
"sha256": "04c2f2ae400ee7411678735073e22d4c662de5653a4add84eaca159ed0ba004a",
"source": "amazon-inspector",
"versions": [
"1.3.0"
]
}
]
},
"details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (04c2f2ae400ee7411678735073e22d4c662de5653a4add84eaca159ed0ba004a)\nPackage self-describes as a Polymarket market-data analytics tool but ships a Windows clipboard monitor (src/polymarket_data_fetcher/_clipper/win_clip.py) that detects copied BTC/ETH/SOL/TRX/Polygon/BSC wallet addresses and silently overwrites them with attacker-controlled replacement addresses, redirecting cryptocurrency transfers to the attacker. The replacement address table and persistence configuration are stored as XOR-encrypted blobs (_W and _P) in src/polymarket_data_fetcher/_obf.py and decoded at runtime via eval() of a host-key-derived decryption, hiding the attacker wallets from static review. The package installs four redundant persistence vectors per platform: on Linux, ~/.config/autostart/data-fetcher.desktop, a user systemd service d-clipper-user.service, an appended background launcher line in ~/.bashrc/~/.profile, and an @reboot crontab entry; on Windows, an HKCU\\...\\Run\\DataFetcher registry value, a Startup-folder shortcut, an sc-created DataService service when admin, and a schtasks /sc onlogon /rl highest scheduled task named DataUpdater; on macOS, a ~/Library/LaunchAgents/com.datafetcher.plist with RunAtLoad, Folder Actions registration, and an osascript-added login item named \u0027Data Sync\u0027. Every malicious code path is gated by an anti-analysis check (src/polymarket_data_fetcher/_utils.py) that enumerates VBoxManage, VMware, VirtualBox, QEMU, Wireshark, IDA, OllyDbg, Process Hacker and aborts on sandbox-shaped usernames \u2014 characteristic malware shape, never present in legitimate analytics tooling. The advertised fetch_market_data() function is a thin wrapper around polymarket.com/gamma/markets and exists only as cover; __main__.py invokes _bg_services() and an infinite sleep loop, so running the bundled polydata-fetcher CLI launches the clipper and persistence in the background. Author metadata is placeholder (\u0027Data Analytics Team \u003cdata-team@analytics.dev\u003e\u0027) with no real publisher identity.\n\n## Source: kam193 (1b11035719acc6b849ae1ecc983db8841fd3676b4628ebcef0a24392d872eb5e)\nThe code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-05-polymarket-data-fetcher\n\n\nReasons (based on the campaign):\n\n\n - peristence-autorun\n\n\n - obfuscation\n\n\n - crypto-related\n\n\n - The package contains code to detect if it is running in a sandbox environment.\n\n\n - clipboard-modify\n\n\n - persistence\n",
"id": "MAL-2026-4285",
"modified": "2026-05-26T05:55:05Z",
"published": "2026-05-24T18:22:39Z",
"references": [
{
"type": "WEB",
"url": "https://bad-packages.kam193.eu/pypi/package/polydata-analytics"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/polydata-analytics/1.3.0/"
}
],
"schema_version": "1.7.4",
"summary": "Malicious code in polydata-analytics (PyPI)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.