Malicious PyPI Packages Deliver SilentSync RAT www.zscaler.com/blogs/sec…
Zscaler ThreatLabz regularly monitors the Python Package Index (PyPI), the repository of open source libraries used by many Python developers, for threats. In July 2025, ThreatLabz identified a malicious Python package named termncolor. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages named sisaws and secmeasure.
The former, sisaws, typosquats the legitimate sisa package, which integrates with the public APIs for Sistema Integrado de Información Sanitaria Argentino (SISA), Argentina’s national health information system. The other malicious package ThreatLabz discovered, secmeasure, was created by the same author. Both Python packages deliver a Remote Access Trojan (RAT) that ThreatLabz dubbed SilentSync, which is retrieved from Pastebin. SilentSync’s capabilities include remote command execution, file exfiltration, screen capturing, and web browser data theft.