"The scripts automate the process of downloading, building, and installing the required libraries and tools," security researcher Vladimir Pezo said. "Specifically, when the bootstrap script is executed, it fetches and executes an installation script for the package Distribute from python-distribute[.]org - a legacy domain that is now available for sale in the premium price range while being managed to drive ad revenue."
JFrog said in an analysis. The executable ("_AUTORUN.EXE") is a compiled Go file that, besides including a SOCKS5 implementation as advertised, is also designed to run PowerShell scripts, set firewall rules, and relaunch itself with elevated permissions. It also carries out basic system and network reconnaissance, including Internet Explorer security settings and Windows installation date, and exfiltrates the information to a hard-coded Discord webhook.
In this quiz, you'll revisit the key concepts from Astral's ty: A New Blazing-Fast Type Checker for Python. You'll check your understanding of installing ty from PyPI, running type checks, and interpreting its structured diagnostics. You'll also recall how to configure and silence specific rules, limit the scope of checks, and adjust Python version or platform settings. By completing this quiz, you'll cement your ability to experiment confidently with ty in personal or exploratory projects.
"SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts web browser data, including credentials, history, autofill data, and cookies from web browsers like Chrome, Brave, Edge, and Firefox." The packages, now no longer available for download from PyPI, are listed below. They were both uploaded by a user named "CondeTGAPIS."
