Security researchers have identified a malicious NuGet package impersonating a legitimate SDK for Sicoob, a major Brazilian financial institution, designed to steal client credentials and PFX certificates. Versions 2.0.0 through 2.0.4 of the fraudulent 'Sicoob.Sdk' package contain data exfiltration capabilities targeting sensitive authentication materials. This discovery highlights the growing thr
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
