Malicious Sicoob NuGet steals banking credentials as npm package targets cloud secrets

May 29, 2026

Cybersecurity researchers discovered a malicious NuGet package posing as a C# software development kit from Sicoob, one of Brazil’s largest cooperative financial systems, and siphoning client IDs and PFX certificates.

According to Socket, versions 2.0.0 to 2.0.4 of Sicoob.Sdk include the ability to extract sensitive information such as PFX certificates used to authenticate businesses on the Sicoob banking network in order to automate banking operations such as instant payment processing and dynamic Pix QR code generation. It is estimated that this package has been downloaded nearly 500 times.

“When a developer instantiates SicoobClient with a client ID, PFX file path, and PFX password, the package reads the PFX file from disk, Base64-encodes its contents, and sends the provided client ID, PFX password, and encoded PFX data to a hardcoded third-party Sentry endpoint,” said security researcher Kirill Boychenko.

Additionally, the package is designed to capture raw Boleto API responses through a separate Sentry path. Boleto is a common cash payment method for online and offline purchases in Brazil. This can expose sensitive transaction details such as payment status, amount, due date, identifiers, and payer or payee data.

As a result, the stolen data could be exploited by threat actors to impersonate the victim’s Sicoob banking API integration, opening the door to serious risks, Socket added. After responsible disclosure, the package was blocked by NuGet. The NuGet profile behind the package, named “sicoob”, also lists 11 other packages totaling around 6,000 downloads.

The application security company also said that the package was surfaced by Google Search’s AI mode as a legitimate C# library for interacting with the Sicoob banking API, amplifying its reach to unsuspecting developers searching for such a library.

Another notable aspect of this attack is the mismatch between the source code in the linked GitHub repository and the artifacts distributed via NuGet. The GitHub repository is suspected of lending the operation a veneer of legitimacy by staying clean, while the data-stealing functionality is deployed only in the packages uploaded to the registry.

Additionally, compromise of Sicoob API authentication materials may also pose indirect risks to end users, as it may enable downstream financial data leakage and payment misuse.

Organizations that have installed ‘Sicoob.Sdk’ are advised to immediately remove the package, treat any PFX material as compromised, replace any exposed PFX certificates, rotate PFX passwords, and change or disable affected client IDs where applicable. Auditing Sicoob authentication and API logs for signs of unusual activity is also recommended.
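One way to triage a downloaded .nupkg for the behaviour described above, as an added example that is not Socket’s tooling or the package’s own code: a .nupkg is a zip archive, and .NET string literals are stored UTF-16LE in the assembly’s #US heap, so a scanner that only greps for ASCII would miss a hardcoded Sentry DSN. The DSN pattern, file names and sample archive below are constructed assumptions, not values from the malicious package.

```python
import io
import re
import zipfile

# Assumed shape of a Sentry DSN (https://<public key>@<host>/<project id>);
# a constructed pattern, not the endpoint used by the malicious package.
DSN_ASCII = re.compile(rb"https://[0-9a-f]{16,}@[A-Za-z0-9.-]+/\d+")
DSN_TEXT = re.compile(r"https://[0-9a-f]{16,}@[A-Za-z0-9.-]+/\d+")

def find_dsns(blob: bytes) -> set[str]:
    """Return Sentry-style DSNs embedded in a binary blob.

    .NET string literals live in the assembly's #US heap as UTF-16LE, so an
    ASCII-only search would miss them; check both encodings and, for UTF-16,
    both byte alignments (the literal may start at an odd offset).
    """
    found = {m.group(0).decode("ascii") for m in DSN_ASCII.finditer(blob)}
    for offset in (0, 1):
        text = blob[offset:].decode("utf-16-le", errors="ignore")
        found.update(DSN_TEXT.findall(text))
    return found

def scan_nupkg(data: bytes) -> dict[str, set[str]]:
    """Map each member of a .nupkg (a zip archive) to the DSNs found in it."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.namelist():
            dsns = find_dsns(archive.read(member))
            if dsns:
                hits[member] = dsns
    return hits

# Constructed sample: a fake package whose "assembly" carries a UTF-16LE DSN
# at an odd byte offset, next to a string a PFX-reading code path would use.
SAMPLE_DSN = "https://0123456789abcdef0123456789abcdef@o000000.ingest.sentry.io/1"

def build_sample_nupkg() -> bytes:
    fake_dll = (b"MZ\x90\x00" + b"\x00" * 13
                + SAMPLE_DSN.encode("utf-16-le") + b"\x00\x00"
                + "ReadAllBytes".encode("utf-16-le") + b"\x00" * 8)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Sicoob.Sdk.nuspec", "<package><metadata><id>Sicoob.Sdk</id></metadata></package>")
        archive.writestr("lib/net6.0/Sicoob.Sdk.dll", fake_dll)
    return buf.getvalue()

if __name__ == "__main__":
    for member, dsns in scan_nupkg(build_sample_nupkg()).items():
        print(member, sorted(dsns))
```

A hit only tells you an assembly can report to Sentry; the follow-up is to check what data the call sites send there, which legitimate SDKs do not do with PFX bytes and passwords.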

This development coincided with the discovery of 14 malicious npm packages that typosquat popular OpenSearch, ElasticSearch, DevOps, and environment configuration libraries to collect AWS credentials, HashiCorp Vault tokens, npm tokens, and CI/CD pipeline secrets from the host environment, using a dedicated credential harvester launched from a preinstall hook.

According to the Microsoft Defender Security Research Team, these packages were published by a single threat actor named ‘vpmdhaj’ (‘a39155771@gmail.com’) on May 28, 2026. The package names are:

  • @vpmdhaj/devops-tools
  • @vpmdhaj/elastic-helper
  • @vpmdhaj/opensearch-setup
  • @vpmdhaj/search-setup
  • app-config-utility
  • elastic-opensearch-helper
  • env-config-manager
  • opensearch-config-utility
  • opensearch-security-scanner
  • opensearch-setup
  • opensearch-setup-tool
  • search-cluster-setup
  • search-engine-setup
  • vpmdhaj-opensearch-setup

Over the past few days, various software supply chain attack campaigns targeting the open source ecosystem have been reported.

  • 164 malicious npm packages across 5 scoped namespaces[.]tech/report.”
  • 141 malicious npm packages published between May 7 and 27, 2026 abuse npm as free static hosting for ad-monetized web proxies aimed at students, serving pop-under ads to users who reach these pages through search results or shared links.
  • A malicious npm package known as ‘forge-jsxy’ performs keylogging, clipboard monitoring, .env file scanning, shell history extraction, host inventory, and remote file system access. ‘forge-jsxy’ is assessed to be a continuation of the ‘forge-jsx’ campaign uncovered late last month, which used high version numbers (‘99.99.99’) to exploit dependency confusion and distributed post-install scripts able to fingerprint hosts, download platform-specific JavaScript payloads, and perform additional reconnaissance. It steals credentials and other valuable developer secrets, then downloads and executes a second-stage binary.
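As an added example (not from the Defender, forge-jsx or Sonatype reports), a small Python audit that walks a node_modules tree and flags the three signals these two sections describe: a name from the reported package list above, an install-time lifecycle hook (preinstall/install/postinstall), and an implausibly high version like 99.99.99. The sample tree it builds is constructed for the demonstration.

```python
import json
import os
import tempfile

KNOWN_BAD = {  # names reported on this page (Defender's list plus the forge-jsx campaign)
    "@vpmdhaj/devops-tools", "@vpmdhaj/elastic-helper", "@vpmdhaj/opensearch-setup",
    "@vpmdhaj/search-setup", "app-config-utility", "elastic-opensearch-helper",
    "env-config-manager", "opensearch-config-utility", "opensearch-security-scanner",
    "opensearch-setup", "opensearch-setup-tool", "search-cluster-setup",
    "search-engine-setup", "vpmdhaj-opensearch-setup", "forge-jsx", "forge-jsxy",
}
INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # run during 'npm install'

def audit_package(manifest: dict) -> list[str]:
    """Return findings for one package.json; an empty list means nothing notable."""
    name = manifest.get("name", "<unnamed>")
    version = str(manifest.get("version", "0.0.0"))
    findings = []
    if name in KNOWN_BAD:
        findings.append(f"{name}: matches a reported malicious package name")
    for hook, cmd in (manifest.get("scripts") or {}).items():
        if hook in INSTALL_HOOKS:  # code that executes before anyone reviews it
            findings.append(f"{name}: install-time hook '{hook}' runs: {cmd}")
    # An implausibly high version such as 99.99.99 is a dependency-confusion
    # tell: the public copy outranks any internal package with the same name.
    major = version.split(".")[0]
    if major.isdigit() and int(major) >= 99:
        findings.append(f"{name}: suspicious version {version}")
    return findings

def audit_node_modules(root: str) -> list[str]:
    # Walk the whole tree so nested node_modules directories are covered too.
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                findings.extend(audit_package(json.load(fh)))
    return findings

def build_sample_tree() -> str:
    # Constructed node_modules: one benign package and two suspicious ones.
    root = tempfile.mkdtemp()
    samples = [
        {"name": "left-pad-like", "version": "1.3.0"},
        {"name": "opensearch-setup", "version": "1.0.2", "scripts": {"preinstall": "node harvest.js"}},
        {"name": "forge-jsxy", "version": "99.99.99", "scripts": {"postinstall": "node setup.js"}},
    ]
    for manifest in samples:
        os.makedirs(os.path.join(root, manifest["name"]))
        with open(os.path.join(root, manifest["name"], "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root
```

Running `audit_node_modules` against a real checkout yields two findings for the opensearch-setup sample and three for forge-jsxy; pairing it with `npm config set ignore-scripts true` stops the hook from running at all while you review the hits.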

Sonatype said in a new report that threat actors are moving beyond traditional typosquatting techniques and beyond obvious misspellings to steal data and drop malicious payloads using names that appear convincing in legitimate developer workflows. This turns routine installation procedures into risk-prone vectors for reconnaissance, credential theft, and subsequent compromise.

Common brandjacking techniques include adding prefixes or suffixes, dependency confusion, version copying, embedding target terms, changing scopes or namespaces, and choosing names that resemble features of legitimate packages.

The software supply chain security company said the term ‘typosquatting’ is too narrow for what its analysis captured, adding: “A broader pattern is to fabricate legitimacy, meaning attackers design package names to appear plausible, useful, and operationally routine within the modern software ecosystem.”

These incidents also come on the heels of a series of software supply chain breaches attributed to TeamPCP (also known as Replicating Marauder and UNC6780), which has become a force to be reckoned with by contaminating popular developer tools across npm, PyPI, Docker Hub, and Packagist in a worm-like manner.

“Marauder clones not only injected malicious code into packages, but also exploited automation, inherited trust, and normal CI/CD workflows to further compromise downstream,” said BlueVoyant researcher Michael Warren.

“This was the point where the campaign most clearly demonstrated that a single tainted dependency or container image can cause a breach in an unrelated organization’s release pipeline. The shift in tactics turned isolated software poisoning into a repeatable method for propagation from victim to victim.”
