Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Cybersecurity researchers discovered two malicious Python packages on PyPI (sisaws and secmeasure) that deliver the SilentSync remote access trojan. The malware targets Windows systems primarily but includes cross-platform capabilities for Linux and macOS. SilentSync can execute remote commands, capture screenshots, steal browser data including credentials and cookies, and exfiltrate files. The packages used typosquatting techniques to mimic legitimate libraries and have been removed from PyPI after being downloaded hundreds of times.

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers