MAL-2026-5616
Malicious code in sysbu (npm)
Details
Source: amazon-inspector (c7d7e10321db9abd5e77b0f656d5fac237968ecd79c0ce409b58ee555fb5b236)

Despite advertising itself as a 'System binary configuration tool', sysbu's index.js unconditionally invokes startApp() on require/CLI execution. If Python is not present, it silently installs Python 3.12 — first via `winget install Python.Python.3.12`, falling back to downloading https://www.python.org/ftp/python/3.12.3/python-3.12.3-amd64.exe to %TEMP% and running it with `/quiet InstallAllUsers=0 PrependPath=1`. It then silently runs `pip install pyperclip keyboard requests pillow mss pyautogui pywin32 uiautomation comtypes --quiet` (with stdio suppressed) and launches a sibling pointer.py.

pointer.py creates a hidden, topmost, transparent Tk overlay, polls `pyperclip.paste()` every 300 ms, and on any new clipboard text longer than 5 characters POSTs the full clipboard contents to https://new-pointer.vercel.app/api. An alt+s hotkey captures the full primary monitor via mss, base64-encodes the JPEG, and POSTs it to the same endpoint; F8/F9/F10 walk the foreground application's UI tree via uiautomation and exfiltrate its text content. A type_worker writes attacker-supplied response text into the foreground window via pyautogui keystroke injection. ctrl+q is bound as a panic-exit; esc and backtick toggle the overlay's visibility.

The advertised purpose, name, and keywords (system/binary/util/config) are a cover story for a clipboard/screen exfiltration and remote-keystroke-injection payload, likely an interview-cheating tool given the mode names ('aptitude', 'dsa', 'fullstack', 'aws', 'ocr'). Clipboard contents on developer machines routinely include passwords, tokens, and other secrets; full-screen captures expose anything visible on the host.
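The behaviours described above give a defender concrete strings to look for in an installed dependency tree: the exfiltration endpoint, the silent Python installer URL and winget command, the pip line that pulls in the clipboard/screenshot/keystroke libraries, the `pyperclip.paste()` poll and the sibling pointer.py. The following is an added example, not code from OSV, Amazon Inspector or the sysbu package, that walks a node_modules directory, reports which of those indicators each file contains, and lists any installed copy of sysbu by reading its package.json. The `build_demo_tree()` helper, the indicator labels, the benign left-pad stand-in and the version string `0.0.0-constructed` are all constructed for the demonstration; the stand-in files contain only the indicator strings, not the payload.

```python
"""Indicator scan for the sysbu advisory (MAL-2026-5616).

Added example for this advisory page, not code from OSV, Amazon Inspector or
the sysbu package. Indicator strings come from the advisory text; the tree
written by build_demo_tree() is constructed for illustration only.
"""
import json
import os
import re
import tempfile

# Behavioural indicators quoted from the advisory: (label, pattern).
INDICATORS = [
    ("exfil-endpoint", re.compile(r"new-pointer\.vercel\.app/api")),
    ("python-silent-install", re.compile(
        r"python\.org/ftp/python/3\.12\.3/python-3\.12\.3-amd64\.exe"
        r"|winget install Python\.Python\.3\.12")),
    ("pip-payload-deps", re.compile(
        r"pip install[^\n]*\bpyperclip\b[^\n]*\bpyautogui\b")),
    ("clipboard-poll", re.compile(r"pyperclip\.paste\(\)")),
    ("sibling-payload", re.compile(r"\bpointer\.py\b")),
]

SCAN_EXTENSIONS = {".js", ".cjs", ".mjs", ".py", ".json"}


def scan_file(path):
    """Return the indicator labels found in one file (empty list if clean)."""
    try:
        with open(path, encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
    except OSError:
        return []
    return [label for label, rx in INDICATORS if rx.search(text)]


def scan_tree(root):
    """Map each flagged file under root (posix-style relative path) to its labels."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            labels = scan_file(full)
            if labels:
                hits[os.path.relpath(full, root).replace(os.sep, "/")] = labels
    return hits


def installed_versions(root, package="sysbu"):
    """List versions of `package` installed anywhere under root, from package.json."""
    versions = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files or os.path.basename(dirpath) != package:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue
        if meta.get("name") == package:
            versions.append(str(meta.get("version", "unknown")))
    return versions


def build_demo_tree():
    """Write a constructed node_modules tree: one benign package plus a stand-in
    for sysbu holding only the advisory's indicator strings (no payload logic)."""
    root = tempfile.mkdtemp(prefix="sysbu-demo-")
    files = {
        "node_modules/left-pad/index.js":
            "module.exports = (s, n) => String(s).padStart(n);\n",
        "node_modules/sysbu/package.json":
            json.dumps({"name": "sysbu", "version": "0.0.0-constructed"}),
        "node_modules/sysbu/index.js":
            "// constructed stand-in mirroring the advisory, not the real file\n"
            'const INSTALLER = "https://www.python.org/ftp/python/3.12.3/'
            'python-3.12.3-amd64.exe";\n'
            'const DEPS = "pip install pyperclip keyboard requests pillow mss '
            'pyautogui pywin32 uiautomation comtypes --quiet";\n'
            'const SIBLING = "pointer.py";\n',
        "node_modules/sysbu/pointer.py":
            "# constructed stand-in: only the strings a scanner would key on\n"
            'URL = "https://new-pointer.vercel.app/api"\n'
            'POLL = "pyperclip.paste()"\n',
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    print("installed sysbu versions:", installed_versions(demo))
    for rel, labels in sorted(scan_tree(demo).items()):
        print(f"{rel}: {', '.join(labels)}")
```

Point `scan_tree()` and `installed_versions()` at a real project's node_modules to check it; a hit on `exfil-endpoint` or `clipboard-poll` in any package, not only one named sysbu, is worth treating as a finding, since the same payload could be republished under another name.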
Affected packages
No fixed version published yet for sysbu (npm). Pin to a known-safe version or switch to an alternative.