Windows systems are being infected with the SilentSync RAT malware through a pair of newly identified nefarious Python Package Index packages from CondeTGAPIS, The Hacker News reports.Both Argentinian national health information system-spoofing 'sisaws' and fake string cleaning library 'secmeasure' packages, which have already been removed after being cumulatively downloaded over 800 times, retrieved from PasteBin the Python script that executed SilentSync RAT, according to findings from Zscaler ThreatLabz researchers.Aside from allowing shell command execution, screenshot capturing, and browser data extraction, SilentSync RAT also facilitates file and directory exfiltration via ZIP archives before clearing all artifacts to avoid detection.Despite being primarily aimed at Windows devices, SilentSync was also found to have capabilities allowing macOS and Linux compromise."The discovery of the malicious PyPI packages sisaws and secmeasure highlights the growing risk of supply chain attacks within public software repositories. By leveraging typosquatting and impersonating legitimate packages, threat actors can gain access to personally identifiable information (PII)," said researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



