
SilentSync delivery via malicious PyPI packages sisaws and secmeasure

Malware Activity
H score 22
1 unique source, 1 article

Summary


Two malicious PyPI packages now expand the supply-chain risk for Python developers by delivering the SilentSync RAT to Windows systems. The packages, sisaws and secmeasure, were uploaded by CondeTGAPIS and later removed from the repository. One package impersonated the legitimate sisa library, while the other posed as a benign security utility. SilentSync can execute commands, steal files, capture screens, and harvest browser credentials and cookies.

Related Happenings

Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials

Campaign
First: 12.05.2026 14:29 Last: 12.05.2026 14:29 Sources 1

About this happening: The **Shai-Hulud** **supply-chain campaign** remains active across **npm**, **PyPI**, and **Composer**, with the latest reporting tying **TeamPCP** to both a claimed **GitHub inte...

Mini Shai-Hulud npm supply-chain malware wave

Malware Activity
First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...

ZiChatBot PyPI supply-chain malware delivery

Malware Activity
First: 07.05.2026 12:20 Last: 07.05.2026 12:20 Sources 1

About this happening: A **PyPI supply-chain attack** used **three packages** to quietly deliver **ZiChatBot**, creating a cross-platform malware risk for **Windows and Linux** installs. The packages we...

Lightning PyPI router_runtime.js credential-stealing payload

Malware Activity
First: 30.04.2026 19:31 Last: 30.04.2026 19:31 Sources 1

About this happening: The **Lightning** PyPI package was pushed in **malicious versions 2.6.2 and 2.6.3** on **April 30, 2026**, turning a normal install into **credential theft** for **developer and C...

Latest development: 04.05.2026 20:15

Microsoft Threat Intelligence says Defender detected and prevented the malicious `lightning==2.6.3` routine in customer environments, notified the Lightning maintainer, and warned that users who ran `import lightning` may need to rotate exposed secrets, keys, and tokens.

Elementary-data package hit by network compromise

Incident
First: 27.04.2026 18:17 Last: 27.04.2026 18:17 Sources 1

About this happening: The **elementary-data** project suffered a **malicious release compromise** that exposed users of **PyPI** and **GitHub Container Registry** to a backdoored package and image. An...

Timeline

  1. 18.09.2025 14:38 2 articles · 8mo ago

    Malicious PyPI packages deliver SilentSync RAT

    Initial Disclosure

    Researchers disclosed two malicious PyPI packages, sisaws and secmeasure, uploaded by CondeTGAPIS and designed to deliver the SilentSync RAT to Windows systems. The sisaws package mimics the legitimate sisa library and uses `gen_token()` to decode a curl command that fetches a PasteBin-hosted Python script into `helper.py` for execution. The secmeasure package masquerades as a string-cleaning and security utility but also drops SilentSync. SilentSync can execute shell commands, steal files, capture screenshots, and harvest browser data such as credentials, history, autofill data, and cookies from Chrome, Brave, Edge, and Firefox. It also includes Linux and macOS persistence behaviors and uses a command server at 200.58.107[.]25 with /checkin, /comando, /respuesta, and /archivo endpoints.
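A triage check built from the indicators in this entry, as an added example that is not part of the original report: it flags the two package names in a requirements listing or the local environment, and flags proxy-log requests to the reported command server. The log layout, host names, sample lines, plain-HTTP URLs, and all function names are assumptions made for illustration.

```python
import re
from importlib import metadata
from urllib.parse import urlsplit

# Indicators from the report above; the IP stays defanged in source text.
BAD_PACKAGES = {"sisaws", "secmeasure"}
C2_HOST = "200.58.107[.]25".replace("[.]", ".")
C2_PATHS = {"/checkin", "/comando", "/respuesta", "/archivo"}

def req_name(line):
    """Return the PEP 503-normalized project name from a requirements line."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment-only, or pip option
        return None
    name = re.split(r"[\s<>=!~;\[@]", line, maxsplit=1)[0]
    return re.sub(r"[-_.]+", "-", name).lower()

def flag_requirements(lines):
    """Names in a requirements listing that match the reported packages."""
    return sorted({n for n in map(req_name, lines) if n in BAD_PACKAGES})

def flag_installed():
    """Same check against distributions installed in this environment."""
    names = (d.metadata.get("Name") or "" for d in metadata.distributions())
    return flag_requirements(names)

def flag_proxy_log(lines):
    """(client, path, known_endpoint) per request to the C2 host.
    Assumed layout (hypothetical): '<time> <client> <method> <url> <status>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue
        url = urlsplit(parts[3])
        if url.hostname == C2_HOST:
            hits.append((parts[1], url.path, url.path in C2_PATHS))
    return hits

# Constructed sample data for illustration; not taken from the report.
SAMPLE_REQS = ["requests>=2.31", "Sisaws  # added by a teammate",
               "secmeasure[extra]==0.0.0", "-r base.txt"]
SAMPLE_LOG = [
    "2025-09-18T10:00:01Z ws-017 GET http://pypi.org/simple/requests/ 200",
    f"2025-09-18T10:02:14Z ws-017 POST http://{C2_HOST}/checkin 200",
    f"2025-09-18T10:02:44Z ws-022 GET http://{C2_HOST}/status 404",
]

if __name__ == "__main__":
    print("requirements:", flag_requirements(SAMPLE_REQS))
    print("installed:", flag_installed())
    print("proxy hits:", flag_proxy_log(SAMPLE_LOG))
```

Any request to the host is reported; the third tuple element only distinguishes the four endpoints named in the report from other paths.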
