SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

What’s new: Two malicious packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) that deliver a remote access trojan (RAT) named SilentSync. This malware targets Windows systems and is capable of remote command execution, file exfiltration, and screen capturing, as well as extracting sensitive data from web browsers.

Who’s affected

Python developers who may have downloaded and used the malicious packages from PyPI are at risk. The packages were uploaded by a user named “CondeTGAPIS” and have been removed from the repository.

What to do

  • Audit your systems for the presence of the sisaws and secmeasure packages.
  • Remove any instances of these packages and monitor for unusual activity.
  • Implement security measures to prevent the installation of unverified packages from public repositories.
  • Educate development teams about the risks of supply chain attacks and the importance of verifying package sources.
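One way to carry out the audit step above, as an added example rather than code from the original advisory: the script walks a directory tree (a home directory, a CI workspace, a folder of virtual environments) and reports the two packages named here wherever they are installed or declared in a requirements file. The function names and the choice to also check requirements*.txt files are assumptions of this example.

```python
import os, re, sys
from email.parser import Parser

# Package names taken from the advisory above.
FLAGGED = {"sisaws", "secmeasure"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def dist_name(meta_dir):
    """Read the project name from METADATA (wheel) or PKG-INFO (egg)."""
    for fname in ("METADATA", "PKG-INFO"):
        path = os.path.join(meta_dir, fname)
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                name = Parser().parse(fh, headersonly=True).get("Name")
            if name:
                return name
    return os.path.basename(meta_dir).split("-")[0]  # "<name>-<ver>.dist-info"

def req_name(line):
    """Extract the project name from one requirements-file line, or None."""
    line = line.split("#", 1)[0].strip()
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return m.group(0) if m else None

def audit(root):
    """Walk root; return sorted (kind, path, name) hits for flagged packages."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.endswith((".dist-info", ".egg-info")):
                name = dist_name(os.path.join(dirpath, d))
                if name and normalize(name) in FLAGGED:
                    hits.append(("installed", os.path.join(dirpath, d), name))
        for f in filenames:
            if re.fullmatch(r"requirements.*\.txt", f):
                path = os.path.join(dirpath, f)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        name = req_name(line)
                        if name and normalize(name) in FLAGGED:
                            hits.append(("declared", path, name))
    return sorted(hits)

if __name__ == "__main__":
    for kind, path, name in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{name}\t{path}")
```

An empty result only describes what is on disk at scan time; a host where either package was installed earlier and then removed will not show up here.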
