Malicious PyPI Packages Deliver SilentSync RAT

Sept. 19, 2025, 6:43 p.m.

Description

Two malicious Python packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) repository. These packages, created by the same author, deliver a Remote Access Trojan (RAT) called SilentSync. The RAT is capable of remote command execution, file exfiltration, screen capturing, and web browser data theft. It specifically targets Windows systems and communicates with a command-and-control server using HTTP. The packages use typosquatting and mimic legitimate packages to deceive users. SilentSync achieves persistence through platform-specific techniques and can harvest browser data, execute shell commands, capture screenshots, and steal files. This discovery highlights the growing risk of supply chain attacks within public software repositories.

Date

  • Created: Sept. 19, 2025, 4:05 p.m.
  • Published: Sept. 19, 2025, 4:05 p.m.
  • Modified: Sept. 19, 2025, 6:43 p.m.

Attack Patterns

  • SilentSync

Additional Information

  • Technology
  • Healthcare
  • Argentina