MALICIOUS (1) campaign cataloged at 2026-05-24(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2026-05-polymarket-data-fetcher

The code attempts to monitor the clipboard and replace copied cryptocurrency addresses, as well as establish persistence.

Abuse categories

clipboard_modify

Campaign uses clipboard_modify.

crypto-related

Malicious activity is related to cryptocurrencies or blockchain, e.g. stealing crypto wallets.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

peristence_autorun

Campaign uses peristence_autorun.

persistence

Campaign uses persistence.

sandbox-detection

The package contains code to detect if it is running in a sandbox environment.

Packages in the campaign

campaign:2026-05-polymarket-data-fetcher

• polydata-analytics
• polymarket-data-fetcher