What’s new: Two malicious packages, sisaws and secmeasure, were discovered on the Python Package Index (PyPI) that deliver a remote access trojan (RAT) named SilentSync. The malware is capable of remote command execution, file exfiltration, and screen capture. It primarily targets Windows systems but also includes functionality for Linux and macOS. Both packages have since been removed from PyPI.
Who’s affected
Python developers who may have downloaded and used the malicious packages sisaws (201 downloads) and secmeasure (627 downloads) are at risk. The packages impersonated legitimate software to gain access to sensitive information.
What to do
- Audit your systems for the presence of the sisaws and secmeasure packages and remove them immediately. Because the payload is a RAT, treat any host that installed or imported them as potentially compromised rather than simply uninstalling and moving on.
- Monitor for any unusual activity or data exfiltration attempts on systems that may have used these packages.
- Educate your development team on the risks of supply chain attacks and the importance of verifying package sources.
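The audit step above can be scripted. The following is an added example, not code from the original advisory or from the researchers who reported the packages: it checks the running interpreter's installed distributions for sisaws and secmeasure and scans requirements-style files passed on the command line for references to them. Package names are compared after PEP 503 normalization so that capitalization differences do not hide a hit. The sample requirements content is constructed for illustration; run the script once per virtual environment, since it only sees the interpreter it is launched with.

```python
"""Audit Python environments for the malicious PyPI packages sisaws and secmeasure.

Added example for this advisory (not the advisory's own tooling). Checks:
  1. distributions installed in the current interpreter
  2. requirements.txt-style files given as command-line arguments
Exit status is 1 if anything is found, so it can gate a CI job.
"""
import importlib.metadata
import re
import sys
from pathlib import Path

# Package names named in the advisory, in PEP 503 normalized form.
MALICIOUS_PACKAGES = frozenset({"sisaws", "secmeasure"})

# First token of a requirements line: the project name (before any version spec).
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_installed(distributions=None) -> set[str]:
    """Return the malicious distribution names present in the current interpreter.

    `distributions` may be supplied (an iterable of names) for testing; by
    default the installed metadata of this interpreter is inspected.
    """
    if distributions is None:
        distributions = (d.metadata["Name"] for d in importlib.metadata.distributions())
    return {name for name in distributions if normalize(name) in MALICIOUS_PACKAGES}


def find_in_requirements(lines) -> list[tuple[int, str]]:
    """Scan requirements-style lines; return (line_number, name_as_written) hits.

    Comments and pip options such as '-r other.txt' or '--extra-index-url' are skipped.
    """
    hits = []
    for line_no, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = REQ_LINE.match(line)
        if match and normalize(match.group(1)) in MALICIOUS_PACKAGES:
            hits.append((line_no, match.group(1)))
    return hits


# Constructed sample input (not a real project file) showing both a clean and a
# flagged dependency, a comment, and a pip option line.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
# internal tooling pinned below
sisaws>=0.1  # looked like an AWS helper
SecMeasure==1.0.0
--extra-index-url https://mirror.example.invalid/simple
numpy
"""


def main() -> int:
    findings = 0
    for name in sorted(find_installed()):
        findings += 1
        print(f"[!] {name} is installed in {sys.executable}")
        print(f"    remove with: {sys.executable} -m pip uninstall -y {name}")
    for path in sys.argv[1:]:
        for line_no, name in find_in_requirements(Path(path).read_text().splitlines()):
            findings += 1
            print(f"[!] {path}:{line_no}: references {name}")
    if findings == 0:
        print("[+] no sisaws/secmeasure references found")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

A clean uninstall is only the first step: a host on which the package actually executed has run a RAT, so the `[!]` findings should feed an incident response workflow (credential rotation, host triage) rather than just a `pip uninstall`.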