A sophisticated supply chain attack has been uncovered in which a fraudulent NuGet package impersonated the official C# SDK for Sicoob, one of Brazil’s largest cooperative banking systems. Researchers at Socket identified that Sicoob.Sdk versions 2.0.0 through 2.0.4 contained hidden credential exfiltration logic embedded directly within the package’s DLL. The malicious package, Sicoob.Sdk was published to NuGet on […]
The post Malicious NuGet Package Poses as Sicoob SDK to Steal Passwords appeared first on Cyber Security News.