CRITICAL PyPI Malware

Malicious code in tao-subnet-metrics (PyPI)

MAL-2026-5457

Published · Modified

Description


Source: amazon-inspector (e068049248bc5c0b4fc56cb68f5453aedf6d6cb494df9d8bba82ccc2da3eb3ad)

Package advertises itself as a Bittensor (TAO) subnet burn-rate Telegram alert tool, but the compiled extension tao_subnet_metrics/core.cpython-310-darwin.so contains an undocumented clipboard-polling daemon (symbols/docstrings: _clipboard_fingerprint, _normalize_clipboard_text, _valid_clipboard_text, Start clipboard daemon if not running, Exclusive lock so only one _run daemon polls clipboard, Send Telegram for a phrase. Skips if already sent.). The package's install subcommand registers persistent auto-start via systemd / LaunchAgent / Task Scheduler (documented as starting the burn monitor), which also launches the hidden clipboard daemon. tao_subnet_metrics/defaults.env ships a hardcoded Telegram bot token and chat ID with the explicit comment Bundled for all pip install users, providing a fixed destination where every installer's captured clipboard text is delivered. Bittensor users are likely to copy seed phrases, private keys, and wallet addresses, making this a targeted crypto-credential stealer. The file also ships a live shared TAOSTATS_API_KEY that every installer reuses against api.taostats.io.

Source: kam193 (44c02c7d26966977484e832411f5e67d97a9ac1795dbe2fed5d7aa7dcaeceb3f)

The package contains code to steal clipboard content and send it to a predefined remote location. If run in the right way, the code will periodically check the clipboard and, if the content matches the pattern, exfiltrate it. The targeted data are likely cryptocurrency secret seed phrases.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-clip-logger

Reasons (based on the campaign):

  • clipboard-stealing

  • crypto-related
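
Host check for the artifacts described above, added here as an example; it is not part of the advisory or of either source's tooling. It looks in the local site-packages directories for the tao_subnet_metrics package, its compiled core extension and defaults.env, and searches the standard systemd and LaunchAgent directories for files that mention the package. Assumptions: the autostart entry names the package somewhere in its text (the advisory does not give unit or agent names), and a Windows build would ship the extension as .pyd.

```python
import re
import site
import sys
from pathlib import Path

PKG_DIR = "tao_subnet_metrics"  # import name given in the advisory
NAME_RE = re.compile(r"tao[-_.]subnet[-_.]metrics", re.I)  # PyPI name, any separator

def scan_site_packages(root):
    """Return (kind, path) pairs for advisory-named artifacts under one site-packages dir."""
    root = Path(root)
    if not root.is_dir():
        return []
    hits = []
    pkg = root / PKG_DIR
    if pkg.is_dir():
        hits.append(("package", pkg))
        # Compiled extension reported to hold the clipboard daemon (any platform tag).
        hits += [("extension", p) for p in sorted(pkg.glob("core.*"))
                 if p.suffix in (".so", ".pyd")]
        if (pkg / "defaults.env").is_file():
            hits.append(("bundled-env", pkg / "defaults.env"))
    # Install metadata can remain after the package directory is deleted by hand.
    hits += [("dist-info", p) for p in sorted(root.glob("*.dist-info"))
             if NAME_RE.match(p.name)]
    return hits

def scan_autostart(dirs):
    """Return autostart files whose text names the package (assumed heuristic)."""
    hits = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for f in sorted(d.iterdir()):
            try:
                if f.is_file() and NAME_RE.search(f.read_text(errors="ignore")):
                    hits.append(f)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return hits

if __name__ == "__main__":
    site_dirs = site.getsitepackages() + [site.getusersitepackages()]
    # Standard per-user/system autostart locations; Task Scheduler is not covered here.
    auto_dirs = [Path.home() / ".config/systemd/user", Path("/etc/systemd/system"),
                 Path.home() / "Library/LaunchAgents"]
    found = [h for d in site_dirs for h in scan_site_packages(d)]
    units = scan_autostart(auto_dirs)
    for kind, path in found:
        print(f"{kind}: {path}")
    for path in units:
        print(f"autostart: {path}")
    sys.exit(1 if found or units else 0)
```

Run it with each Python interpreter or virtual environment in use on the host; a non-zero exit status means at least one artifact was found.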
