Cybersecurity researchers discovered a malicious NuGet package masquerading as a C# SDK used by Sicoob, successfully exfiltrating sensitive client IDs and PFX certificates.
Cybersecurity researchers have uncovered a malicious NuGet package designed to target Sicoob, one of Brazil's largest cooperative financial systems. The package, which masquerades as a legitimate C# software development kit, was found to contain functionality capable of siphoning sensitive client IDs and PFX certificates. Specifically, versions 2.0.0 through 2.0.4 of the "Sicoob.Sdk" package contain code that allows for the exfiltration of this sensitive banking information.