Malicious Package Affecting secmeasure package, versions [0,]

Q: How to fix?

Avoid using all malicious instances of the secmeasure package.

Threat Intelligence

Attacked

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-SECMEASURE-12937127
published19 Sept 2025
disclosed2 Aug 2025
creditManisha Ramcharan Prajapati, Satyam Singh

Report a new vulnerability Found a mistake?

Introduced: 2 Aug 2025

Malicious CWE-506 (opens in a new tab)

How to fix?

Avoid using all malicious instances of the secmeasure package.

Overview

secmeasure is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino (SISA) API integration. The attack is design to deliver a Remote Access Trojan (RAT) dubbed as SilentSyncof which attempts remote command execution, file exfiltration, screen capturing, and web browser data theft.

References

Zscaler ThreatLabz Report

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None