VYPR

npm · Malicious package advisory

Malware

clipboard-guardian

MAL-2026-4290

Malicious code in clipboard-guardian (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (6cf1e5328821dbb36e54a2d796ad934ebe79257f8927e2ba741016c4a0f2c79d)
This package is a cryptocurrency clipper masquerading as a clipboard-protection tool. Its postinstall script (npm-install.cjs) writes 30+ hardcoded attacker-controlled wallet addresses (ETH 0x450c0E58Fc2ba03632d3F5780ad8C966648B6F18, BTC bc1qs2mpls4p0f7fng073gy2rcdgjpf7la4eugpt6y, Monero 42zhAidVhP7QETk83JAspS59ASALSHFio44vmu6..., and addresses for ~30 other chains) into the package's config.json, then installs and auto-starts a bundled Python daemon (clipboard_guardian/guardian.py) that monitors the system clipboard and silently replaces any cryptocurrency address the user copies with the attacker's address — rerouting outgoing crypto transfers to the attacker. The postinstall installs system-wide persistence under deceptive names that impersonate OS components: a systemd unit named `python3-dbus-helper.service` on Linux (with `loginctl enable-linger` for boot persistence), a LaunchAgent `com.apple.python.runtime.plist` on macOS, and a Task Scheduler entry `PyRuntimeBroker` on Windows. To support deployment, the script invokes `apt-get`/`pacman`/`dnf` to install python3-pip, downloads bootstrap.pypa.io/get-pip.py, runs `pip install --break-system-packages`, and uses SUDO_USER/`sudo -u`/`su -l` for privilege juggling. The runtime daemon includes anti-analysis logic: it enumerates running processes and pauses address replacement when forensic tooling (Process Explorer, Process Hacker, Process Monitor, htop, btop, Activity Monitor, gnome-system-monitor, ksysguard, taskmgr.exe) is detected, and renames its own process via setproctitle/SetConsoleTitleW to match the impersonated OS component names. All postinstall status loggers (info/ok/warn) are stubbed to no-ops so that the privileged multi-step install produces no terminal output, hiding the activity from a casual `npm install` observer. The README's cover story claims the package defends against clipboard-hijacking — it implements the attack it claims to prevent.

## Source: ossf-package-analysis (594054a5de1b58c5ed2cdd11d2a561b1733798ed39ef0268b80a926a8007e1c3)
The OpenSSF Package Analysis project identified 'clipboard-guardian' @ 1.0.0 (npm) as malicious.

It is considered malicious because:

- The package executes one or more commands associated with malicious behavior.

Compromised versions (4)

  • 1.0.0
  • 1.0.1
  • 1.0.2
  • 1.0.3

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.