-= Per source details. Do not edit below this line.=-
Package exfiltrates source code files to a telegram channel, while the description promises saving them to a git service
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2025-08-giteegit
Reasons (based on the campaign):
files-exfiltration
A Telegram webhook is used to send collected data.
{
"malicious-packages-origins": [
{
"versions": [
"1.0.5",
"1.0.4",
"1.0.1",
"1.0.0"
],
"sha256": "0d3c825f8bc82aad69a0a011e332ebf1656a3560414d67c85273dedb76df6980",
"modified_time": "2025-09-06T11:22:48.06085Z",
"source": "kam193",
"id": "pypi/2025-08-giteegit/giteegit",
"import_time": "2025-12-02T22:30:55.221827037Z"
},
{
"versions": [
"1.0.5",
"1.0.4",
"1.0.1",
"1.0.0"
],
"sha256": "4a26c5d911f4394086eca9dfca0dfb8b05cc0675bac36dfdbec08e30f6d1abed",
"modified_time": "2025-09-06T11:22:48.06085Z",
"source": "kam193",
"id": "pypi/2025-08-giteegit/giteegit",
"import_time": "2025-12-02T23:07:18.242047238Z"
},
{
"versions": [
"1.0.0",
"1.0.1",
"1.0.4",
"1.0.5"
],
"sha256": "3ea37a29534d40261a920fed4880384263ad7ac95f3e053b160fabf232ebf464",
"modified_time": "2025-09-06T11:22:48.06085Z",
"source": "kam193",
"id": "pypi/2025-08-giteegit/giteegit",
"import_time": "2025-12-30T22:39:04.089932295Z"
}
]
}