Malware, Supply chain

Illicit PyPI packages leveraged for SilentSync RAT deployment

Laptop screen showing malware warning sign with digital circuit background on desk in modern office environment with natural light and creative concept.

Windows systems are being infected with the SilentSync RAT malware through a pair of newly identified nefarious Python Package Index packages from CondeTGAPIS, The Hacker News reports.

Both Argentinian national health information system-spoofing 'sisaws' and fake string cleaning library 'secmeasure' packages, which have already been removed after being cumulatively downloaded over 800 times, retrieved from PasteBin the Python script that executed SilentSync RAT, according to findings from Zscaler ThreatLabz researchers.

Aside from allowing shell command execution, screenshot capturing, and browser data extraction, SilentSync RAT also facilitates file and directory exfiltration via ZIP archives before clearing all artifacts to avoid detection.

Despite being primarily aimed at Windows devices, SilentSync was also found to have capabilities allowing macOS and Linux compromise.

"The discovery of the malicious PyPI packages sisaws and secmeasure highlights the growing risk of supply chain attacks within public software repositories. By leveraging typosquatting and impersonating legitimate packages, threat actors can gain access to personally identifiable information (PII)," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds