MAL-2026-4286
Malicious code in polymarket-data-fetcher (PyPI)
Details
---
_-= Per source details. Do not edit below this line.=-_

## Source: kam193 (b6b5ac8b803d36ef490adff8a4d3110c4030063bbd2345e4b23d1871909638e9)
The code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence.
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-05-polymarket-data-fetcher
Reasons (based on the campaign):
- peristence-autorun
- obfuscation
- crypto-related
- The package contains code to detect if it is running in a sandbox environment.
- clipboard-modify
- persistence
Affected packages
No fixed version published yet for polymarket-data-fetcher (pip). Pin to a known-safe version or switch to an alternative.