Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

The Hacker News by The Hacker News
September 18, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Sep 18, 2025Ravie LakshmananMalware / Supply Chain Attack

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems.

“SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts web browser data, including credentials, history, autofill data, and cookies from web browsers like Chrome, Brave, Edge, and Firefox.”

The packages, now no longer available for download from PyPI, are listed below. They were both uploaded by a user named “CondeTGAPIS.”

  • sisaws (201 Downloads)
  • secmeasure (627 Downloads)
Audit and Beyond

Zscaler said the package sisaws mimics the behavior of the legitimate Python package sisa, which is associated with Argentina’s national health information system, Sistema Integrado de Información Sanitaria Argentino (SISA).

However, present in the library is a function called “gen_token()” in the initialization script (__init__.py) that acts as a downloader for a next-stage malware. To achieve this, it sends a hard-coded token as input, and receives as response a secondary static token in a manner that’s similar to the legitimate SISA API.

“If a developer imports the sisaws package and invokes the gen_token function, the code will decode a hexadecimal string that reveals a curl command, which is then used to fetch an additional Python script,” Zscaler said. “The Python script retrieved from PasteBin is written to the filename helper.py in a temporary directory and executed.”

Secmeasure, in a similar fashion, masquerades as a “library for cleaning strings and applying security measures,” but harbors embedded functionality to drop SilentSync RAT.

SilentSync is mainly geared towards infecting Windows systems at this stage, but the malware is also equipped with built-in features for Linux and macOS as well, making Registry modifications on Windows, altering the crontab file on Linux to execute the payload on system startup, and registering a LaunchAgent on macOS.

The package relies on the secondary token’s presence to send an HTTP GET request to a hard-coded endpoint (“200.58.107[.]25”) in order to receive Python code that’s directly executed in memory. The server supports four different endpoints –

  • /checkin, to verify connectivity
  • /comando, to request commands to execute
  • /respuesta, to send a status message
  • /archivo, to send command output or stolen data
CIS Build Kits

The malware is capable of harvesting browser data, executing shell commands, capturing screenshots, and stealing files. It can also exfiltrate files and entire directories in the form of ZIP archives. Once the data is transmitted, all the artifacts are deleted from the host to sidestep detection efforts.

“The discovery of the malicious PyPI packages sisaws and secmeasure highlight the growing risk of supply chain attacks within public software repositories,” Zscaler said. “By leveraging typosquatting and impersonating legitimate packages, threat actors can gain access to personally identifiable information (PII).”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Genpact Recognized as a Leader and Star Performer in Everest Group’s Supply Chain Management PEAK Matrix Assessment 2025

Genpact Recognized as a Leader and Star Performer in Everest Group's Supply Chain Management PEAK Matrix Assessment 2025

Recommended.

Second ever international AI safety report published | Computer Weekly

Second ever international AI safety report published | Computer Weekly

February 11, 2026
IBM CEO: 0B Investment Ensures IBM ‘Remains The Epicenter’ Of AI And Innovation

IBM CEO: $150B Investment Ensures IBM ‘Remains The Epicenter’ Of AI And Innovation

April 28, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio