Malicious PyPI Packages Deliver SilentSync RAT
Summary:
In mid-2025, Zscaler ThreatLabz uncovered a series of malicious Python packages on the PyPI repository, further underscoring the persistent threat of supply chain attacks in open-source software ecosystems. The first discovery came in July with a package called termncolor, followed just weeks later by sisaws and secmeasure on August 4. Both of these latter packages were created by the same author and shared overlapping metadata, suggesting a coordinated campaign. The sisaws package was particularly deceptive, as it typosquatted the legitimate sisa library used to interface with Argentina’s national health information system APIs. At first glance, sisaws mimicked the legitimate package’s modules and functionality, even returning structured responses that appeared authentic. However, buried within its initialization script was a hidden backdoor function that downloaded additional malicious payloads. Similarly, the secmeasure package posed as a library for sanitizing strings but contained a malicious function designed to trigger the same malware download sequence.
Both packages ultimately delivered SilentSync, a Python-based Remote Access Trojan retrieved from Pastebin. SilentSync is capable of a broad range of malicious operations, including remote command execution, file exfiltration, screenshot capture, and theft of sensitive web browser data such as credentials, cookies, and autofill entries from Chrome, Brave, Edge, and Firefox. While the PyPI packages themselves currently only target Windows systems, SilentSync is built with persistence mechanisms for Linux and macOS as well, ensuring it can maintain long-term access if deployed more widely. The malware communicates with a hardcoded command-and-control server via HTTP, using periodic beaconing and a REST API structure to receive commands, upload stolen data, and manage its operations.
Security Officer Comments:
This campaign demonstrates how adversaries are increasingly abusing trusted platforms like PyPI through techniques such as typosquatting and impersonation of legitimate projects. By masquerading as useful libraries, these malicious packages trick developers into unknowingly installing backdoors into their systems. The discovery of sisaws and secmeasure highlights the importance of scrutinizing even widely used software repositories and reinforces the need for developers and organizations to implement strong vetting, monitoring, and security controls when incorporating third-party code into their environments.
Suggested Corrections:
There are a few best practices that you can follow to avoid installing malicious Python packages from the Python Package Index (PyPI):
- Use a secure installation method: The recommended way to install packages from PyPI is using pip, the official package manager for Python. Make sure you are using the latest version of pip by running pip install --upgrade pip. You can also use pip to verify the integrity of the package before installation by using the --require-hashes option.
- Use a package manager that checks for package vulnerabilities: Some package managers, such as pipenv, provide built-in support for checking for known vulnerabilities in packages. Using a package manager that checks for vulnerabilities can help protect you from installing packages with known security issues.
- Use a virtual environment: A virtual environment is a tool that helps you isolate specific Python environments on a single machine, allowing you to install packages in an isolated location for a particular project. This can be useful if you are worried about a malicious package affecting your system-wide Python installation.
- Use caution when installing packages from unfamiliar sources: Be cautious when installing packages from sources other than PyPI, as they may not have the same level of security and quality control. If you are unsure about the safety of a package, you can check for reviews or ask for recommendations from a trusted source before installing it.
- Keep your packages up to date: Regularly updating the packages you have installed can help ensure that you have the latest security fixes and features. You can use pip to check for and install updates for all your installed packages by running pip list -o and then pip install -U package_name for each package that has an update available.
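The following script is an added example, not code from the Zscaler post, that turns two of the practices above into an offline check a build pipeline can run before pip is invoked: it verifies that every line of a requirements file carries a --hash pin (the precondition for pip install --require-hashes to succeed) and flags any requested name that is a near-miss of a package on an internal allowlist, which is the pattern behind the sisaws/sisa and termncolor/termcolor squats. The APPROVED allowlist and the sample requirements (with placeholder hashes) are constructed for illustration.

```python
"""Added example (not the advisory's code): offline pre-install gate for a
requirements.txt. Checks (1) that each requirement has a --hash pin so
`pip install --require-hashes` can verify it, and (2) that no requested name
is a close edit-distance neighbour of an approved package (typosquat check).
"""
import re

# Hypothetical allowlist of packages the organisation has already vetted.
APPROVED = {"sisa", "requests", "termcolor", "numpy"}

REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
HASH_RE = re.compile(r"--hash=sha256:[0-9a-f]{64}")


def normalize(name):
    # PEP 503 name normalisation: case-insensitive, runs of -_. become '-'.
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a, b):
    # Levenshtein distance via a rolling DP row; package names are short.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text):
    """Return [(normalised_name, has_hash_pin)] for each requirement line.
    Handles comments, blank lines, backslash continuations and pip options."""
    reqs, logical = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        stripped = (logical + line).strip()
        logical = ""
        if not stripped or stripped.startswith("-"):
            continue  # skip -r/-e/--index-url style option lines
        m = REQ_RE.match(stripped)
        if m:
            reqs.append((normalize(m.group(1)), bool(HASH_RE.search(stripped))))
    return reqs


def audit(text, approved=APPROVED, max_distance=2):
    """Return a list of (name, finding) pairs; an empty list means clean."""
    findings = []
    approved_norm = {normalize(p) for p in approved}
    for name, has_hash in parse_requirements(text):
        if not has_hash:
            findings.append((name, "missing --hash pin; --require-hashes would refuse it"))
        if name not in approved_norm:
            near = sorted(p for p in approved_norm
                          if 0 < edit_distance(name, p) <= max_distance)
            if near:
                findings.append((name, "possible typosquat of " + ", ".join(near)))
            else:
                findings.append((name, "not on the approved list"))
    return findings


# Constructed sample requirements file; the hashes are placeholders, not real.
FAKE_HASH = "a" * 64
SAMPLE = (
    "# constructed sample requirements.txt\n"
    "requests==2.32.3 \\\n"
    f"    --hash=sha256:{FAKE_HASH}\n"
    "sisaws==1.0.0\n"
    f"termncolor==0.1.0 --hash=sha256:{FAKE_HASH}\n"
    f"numpy==1.26.4 --hash=sha256:{FAKE_HASH}\n"
)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Run it against a real requirements file by replacing SAMPLE with the file's contents; a non-empty result should fail the build before any pip install runs. The edit-distance threshold of 2 is deliberately tight so that legitimately similar approved names do not drown the report in noise.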
https://www.zscaler.com/blogs/security-research/malicious-pypi-packages-deliver-silentsync-rat