Two malicious Python packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) repository. These packages, created by the same author, deliver a Remote Access Trojan (RAT) called SilentSync. The RAT is capable of remote command execution, file exfiltration, screen capturing, and web browser data theft. It specifically targets Windows systems and communicates with a command-and-control server using HTTP. The packages use typosquatting and mimic legitimate packages to deceive users. SilentSync achieves persistence through platform-specific techniques and can harvest browser data, execute shell commands, capture screenshots, and steal files. This discovery highlights the growing risk of supply chain attacks within public software repositories.

Author: AlienVault
Related Tags:
browser-data-theft
supply-chain-attack
SilentSync
data-exfiltration
typosquatting
data theft
Argentina
pypi
T1555


