This analysis was performed using vet and SafeDep Cloud Malicious Package Analysis.
Note: This report is updated by a verification record
Package contains hardcoded address and transfer_all=True in transfer.py and add.py, redirecting funds to an attacker-controlled account.
Malicious package identified as part of the Bittensor cryptocurrency theft campaign. Contains code designed to steal Bittensor wallet credentials and funds.
Package identified as part of the Bittensor theft campaign discovered by GitLab. Part of a cryptocurrency theft operation targeting Bittensor wallets. Published at 02:59 UTC during the campaign.
The package bittenso-cli version 9.9.4 contains multiple instances of suspicious code that strongly suggests malicious intent. Specifically, the transfer.py file overwrites the destination address with a hardcoded address 5FjgkuPzAQHax3hXsSkNtue8E7moEYjTgrDDGxBvCzxc1nqR, effectively redirecting funds to a potentially attacker-controlled account. Additionally, the transfer_all parameter is hardcoded to True, overriding user input and potentially transferring all funds instead of a specified amount. The add.py file also contains a hardcoded transfer to the same suspicious address. These findings, taken together, indicate a high likelihood of malicious behavior designed to steal funds from users.