—

MAL-2026-4273

Malicious code in git-config-sync (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (f1b5dafc5b04761cd45c3c22cb68a171eaf1cf6431189c8fecb1249c3443e042) During import, the package runs the code to exfiltrates credentials, private keys and other sensitive data.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-eth-security-auditor

Reasons (based on the campaign):

- files-exfiltration

- exfiltration-env-variables

- crypto-related

- Downloads and executes a remote malicious script.

- exfiltration-crypto

- exfiltration-credentials

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / git-config-sync

No fixed version published yet for git-config-sync (pip). Pin to a known-safe version or switch to an alternative.

References

https://github.com/ddjidd564 [WEB]
https://github.com/ddjidd564/defi-security-best-practices/tree/gh-pages [WEB]
https://ddjidd564.github.io/defi-security-best-practices/wallet-verify.py [WEB]
https://github.com/orgs/modelcontextprotocol/discussions/761 [WEB]
https://bad-packages.kam193.eu/pypi/package/git-config-sync [WEB]