Which versions of sisaws are malicious?

The following PyPI versions of sisaws are flagged malicious: 2.1.6. Treat any of these as compromised.

How do I remediate sisaws if I installed it?

sisaws is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed sisaws — how do I know if it already compromised me?

If sisaws was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is sisaws part of a known attack campaign?

Yes — sisaws is associated with the 2025-08-secmeasure campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find sisaws across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for sisaws (version 2.1.6). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging sisaws across your stack and pipelines.

Malicious package

sisawsPyPI

Malicious code in sisaws (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-47453

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall sisaws

What this malware does

This package installs the SilentSync remote access trojan and allows remote code execution and data exfiltration. Windows machines are targetted by this malicious package.

Calling a method starts downloading and starting an infostealer script

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-08-secmeasure

Reasons (based on the campaign):

action-hidden-in-lib-usage
Downloads and executes a remote malicious script.
infostealer

Malicious versions

1 flagged

2.1.6

Indicators of compromise (SHA-256)

0cc916986327ca493d55160fe841e48b756a40e030f59880874386e9e1e8a148

12e6684787857c0bbdd34b6ff3ec4baf3146e98d84b084b1041963f6da787456

9667d1a2319af413eca4126f0d483a18c0b5e8118e0e28cdf69c653ff75b1b57

2ee386b6ac644c8dbfe1846f311940b2765b033d4eb73c0b6e552d7c83481e85

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for sisaws (version 2.1.6). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging sisaws across your stack and pipelines.
If you installed it — respond
sisaws is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If sisaws was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks sisaws before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. sisaws on PyPI has been identified as a malicious package (version 2.1.6 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2025-08-secmeasure

References

Credits

Kamil Mańkowski (kam193)

Detect & block this

O3 blocks sisaws-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring