Two malicious Python packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) repository. These packages, created by the same author, deliver a Remote Access Trojan (RAT) called SilentSync. The RAT is capable of remote command execution, file exfiltration, screen capturing, and web browser data theft. It targets Windows systems and communicates with a command-and-control server using HTTP. The packages employ typosquatting and imitate legitimate modules to deceive users. SilentSync achieves persistence through platform-specific techniques and supports various commands for data exfiltration and system control. This discovery highlights the growing risk of supply chain attacks within public software repositories.

Author: AlienVault

Related Tags:
supply-chain-attack
SilentSync
data-exfiltration
typosquatting
Argentina
pypi
T1555
python
T1071