Malicious Typosquatted PyPI Packages Spreading SilentSync RAT


By Mayura Kathir

On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages—sisaws and secmeasure—that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers.

Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them.

SilentSync’s versatile capabilities include remote command execution, file exfiltration, screen capture, and web-browser data theft. The malware currently targets Windows systems but contains built-in persistence modules for Linux and macOS.

Figure: Attack chain for two malicious Python packages discovered by ThreatLabz in the PyPI repository.

  • On August 4, 2025, ThreatLabz identified two malicious PyPI packages—sisaws (typosquatting the legitimate sisa library) and secmeasure—created by the same author, that silently deploy SilentSync RAT upon import.
  • SilentSync supports remote command execution, directory or file exfiltration (with ZIP compression), and screenshot capture.
  • The RAT steals browser data from Chrome ...
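A defensive check for the typosquatting risk described above, as an added example that is not code from the article or from ThreatLabz: it audits a requirements file against a project allowlist and flags the two reported package names plus any near-miss of an approved name. The `APPROVED` set, the distance threshold and the sample requirements text are assumptions constructed for illustration.

```python
import re

# Assumed project allowlist (constructed for this example).
APPROVED = {"sisa", "requests", "numpy"}
# Package names the article reports as malicious.
REPORTED = {"sisaws", "secmeasure"}

def normalize(name):
    """PEP 503 name normalization, so 'Sisa_WS' and 'sisa-ws' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def nearest_approved(name, max_distance=2):
    """Approved name this one could be mistaken for, or None."""
    for good in sorted(APPROVED):
        if name.startswith(good) or edit_distance(name, good) <= max_distance:
            return good
    return None

def audit(requirements_text):
    """Map each non-approved requirement to (label, lookalike_of)."""
    findings = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if not match:
            continue  # blank line, comment, or pip option such as -r/-e
        name = normalize(match.group(0))
        if name in APPROVED:
            continue
        near = nearest_approved(name)
        if name in REPORTED:
            findings[name] = ("reported-malicious", near)
        elif near:
            findings[name] = ("lookalike", near)
        else:
            findings[name] = ("unreviewed", None)
    return findings

# Constructed sample input; version pins are illustrative only.
SAMPLE = "requests==2.32.3\nsisaws>=1.0  # typo of sisa\nsecmeasure\nreqeusts\nnumpy\nleftpad\n"
```

With short approved names such as `sisa`, a distance threshold of 2 will also flag unrelated four-letter packages, so findings labelled `lookalike` need a human review rather than an automatic block.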

Copyright of this story solely belongs to gbhackers.