Fri, 29 May 2026
β BackCybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to authenticate businesses with the Sicoob banking network in order to automate banking operations, such as processing instant payments and generating dynamic Pix QR codes. The package is estimated to have been downloaded nearly 500 times. "When a developer instantiates SicoobClient with a client ID, a PFX file path, and a PFX password, the package reads the PFX file from disk, Base64-encodes its contents, and sends the supplied client ID, PFX password, and encoded PFX data to a hardcoded third-party Sentry endpoint," security researcher Kirill Boychenko said.
In addition, the package is designed to capture raw Boleto API responses via a separate Sentry path. Boleto is a popular cash payment method in Brazil for making online and offline purchases. This can potentially expose sensitive transaction details, payment status, amounts, due dates, identifiers, and payer or payee data. As a result, the stolen data could open the door to severe risks, as it can be abused by the threat actor to impersonate the victim's Sicoob banking API integration, Socket added.
Following responsible disclosure,...
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to authenticate businesses with the Sicoob banking network in order to automate banking operations, such as processing instant payments and generating dynamic Pix QR codes. The package is estimated to have been downloaded nearly 500 times. "When a developer instantiates SicoobClient with a client ID, a PFX file path, and a PFX password, the package reads the PFX file from disk, Base64-encodes its contents, and sends the supplied client ID, PFX password, and encoded PFX data to a hardcoded third-party Sentry endpoint," security researcher Kirill Boychenko said.
In addition, the package is designed to capture raw Boleto API responses via a separate Sentry path. Boleto is a popular cash payment method in Brazil for making online and offline purchases. This can potentially expose sensitive transaction details, payment status, amounts, due dates, identifiers, and payer or payee data. As a result, the stolen data could open the door to severe risks, as it can be abused by the threat actor to impersonate the victim's Sicoob banking API integration, Socket added.
Following responsible disclosure, the package has been blocked by NuGet. The profile behind the package, named "sicoob," has also listed 11 other NuGet packages that have collectively racked up about 6,000 downloads. The application security company also said the package was surfaced by Google Search AI Mode as a legitimate C# library for interacting with Sicoob banking APIs, thereby amplifying the malicious package to unsuspecting developers who may be searching for it. Another important aspect of the attack is the source-to-package mismatch between the linked GitHub repository and the artifact distributed via NuGet.
It's suspected that the GitHub repository is designed to lend a veneer of legitimacy to the operation by keeping it clean, while the malicious data-stealing functionality is introduced only in the package uploaded to the registry. What's more, the compromise of Sicoob API authentication material can also pose indirect risks to end users, as it could leak downstream financial data or enable payment abuse. Organizations that have installed "Sicoob.Sdk" are recommended to immediately remove the package, treat PFX material as compromised, replace exposed PFX certificates, rotate PFX passwords, and change or disable affected client IDs where applicable. It's also advised to audit Sicoob authentication and API logs for signs of unusual activity.
The development coincides with the discovery of 14 malicious npm packages that typosquat well-known OpenSearch, ElasticSearch, DevOps, and environment-configuration libraries to harvest AWS credentials, HashiCorp Vault tokens, npm tokens, and CI/CD pipeline secrets from the host environment using a purpose-built credential harvester that's launched through a preinstall hook. Per the Microsoft Defender Security Research Team, the packages were published by a single threat actor named "vpmdhaj" ("[email protected]") on May 28, 2026. The names of the packages are below - The findings are the latest in a staggering spate of supply chain attack campaigns that have targeted the npm ecosystem over the past few days - In a newly published report, Sonatype said threat actors have outgrown classic typosquatting techniques, moving beyond obvious misspellings to using names that appear convincing in legitimate developer workflows so as to steal data and drop malicious payloads. This, in turn, transforms a routine install step into a risk-prone pathway for reconnaissance, credential theft, and follow-on compromise.
Popular brandjacking techniques include prefix or suffix addition, dependency confusion, version mimicry, embedded target terms, altered scopes or namespaces, and names that resemble the function of a legitimate package. "'Typosquatting' is now too narrow a label for what this analysis captures," the supply chain security company said. "The broader pattern is manufactured legitimacy: attackers designing package names to look plausible, useful, and operationally routine inside modern software ecosystems." These incidents have also unfolded against a series of software supply chain compromises that have been linked to TeamPCP (aka Replicating Marauder and UNC6780), which has become a force to be reckoned with by poisoning popular developer tooling across npm, PyPI, Docker Hub, and Packagist in a worm-like fashion. "Replicating Marauder was not just inserting malicious code into packages, but also exploiting automation, inherited trust, and ordinary CI/CD workflows to push compromise further downstream," BlueVoyant researcher Michael Warren said.
"This was the point where the campaign most clearly demonstrated that one poisoned dependency or container image could trigger compromise in an unrelated organization's release pipeline. The tactical shift turned isolated software poisoning into a reproducible method for victim-to-victim expansion." Learn practical strategies to detect and defend against cyber threats beyond zero-day vulnerabilities. Learn how to validate automated pentesting results for accurate security decisions. Get the latest news, expert insights, exclusive resources, and strategies from industry leaders, all for free.