The Hacker News
Cybersecurity researchers have recently identified a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's leading cooperative financial systems. This harmful package is designed to extract client IDs and PFX certificates.
According to findings from Socket, versions 2.0.0 to 2.0.4 of "Sicoob.Sdk" contain functionality that enables the exfiltration of sensitive information, such as PFX certificates used for authenticating businesses within the Sicoob banking network. This functionality facilitates automated banking operations, which include processing instant payments and generating dynamic Pix QR codes. The package has reportedly been downloaded nearly 500 times.
Security researcher Kirill Boychenko explained that when a developer initializes the SicoobClient by providing a client ID, a PFX file path, and a PFX password, the package retrieves the PFX file from the disk, Base64-encodes the content, and transmits the client ID, PFX password, and the encoded PFX data to a predefined third-party Sentry endpoint.
Additionally, the package is programmed to capture unprocessed Boleto API responses through a different Sentry endpoint. Boleto is a widely-used cash payment mechanism in Brazil for both online and offline transactions. This capability poses a significant risk as it may reveal sensitive transaction details, payment statuses, amounts, due dates, identifiers, and information about the payer or payee.
The acquisition of such critical data could enable malicious actors to impersonate the victim in API interactions with the Sicoob banking system, thus amplifying the potential for abuse. After responsible disclosure, NuGet has taken action to block the malicious package. The creator behind the package, identified as "sicoob," has also been associated with an additional 11 NuGet packages that have collectively amassed around 6,000 downloads.
Furthermore, it is pertinent to note that the package was initially flagged by the Google Search AI Mode as a legitimate C# library for integrating with Sicoob banking APIs, thereby misleading developers who were unknowingly searching for authentic tools.
Another troubling aspect of this attack is the inconsistency between the GitHub repository linked to the package and the actual artifact distributed through NuGet. It is suspected that the GitHub repository was manipulated to appear legitimate while concealing the malicious data-extracting capabilities embedded solely in the NuGet package.
Importantly, the compromise of Sicoob API authentication materials may result in indirect risks for end users, including potential leaks of financial data and enabling fraudulent payment activities.
Organizations that have utilized the "Sicoob.Sdk" package are urged to promptly remove it, regard any PFX materials as compromised, replace exposed PFX certificates, rotate PFX passwords, and change or deactivate affected client IDs as necessary. Additionally, it is advisable to conduct thorough audits of Sicoob authentication and API logs for any signs of unusual behavior.
Alongside this discovery, researchers have also reported 14 malicious npm packages that exploit typosquatting techniques related to well-known OpenSearch, ElasticSearch, DevOps, and environment-configuration libraries. These packages are designed to capture AWS credentials, HashiCorp Vault tokens, npm tokens, and secrets from CI/CD pipelines. This is accomplished using a credential harvester initiated through a preinstall hook.
According to the Microsoft Defender Security Research Team, the packages were published on May 28, 2026, by a single actor known as "vpmdhaj" (email: [email protected]). The malicious npm packages include @vpmdhaj/devops-tools, @vpmdhaj/elastic-helper, @vpmdhaj/opensearch-setup, @vpmdhaj/search-setup, app-config-utility, elastic-opensearch-helper, env-config-manager, opensearch-config-utility, opensearch-security-scanner, opensearch-setup, opensearch-setup-tool, search-cluster-setup, search-engine-setup, and vpmdhaj-opensearch-setup.
These findings contribute to a concerning trend of supply chain attack campaigns targeting the npm ecosystem in recent days, which includes 164 malicious npm packages across five scoped namespaces, 141 packages published between May 7 and 27, a package named "forge-jsxy" capable of keylogging and clipboard monitoring, and 176 other malicious npm packages utilizing dependency confusion techniques.
A recent report by Sonatype indicates that threat actors are evolving beyond traditional typosquatting methods, moving towards names that appear credible within legitimate developer workflows, which heightens the risk of data theft and malicious payload deployment. This evolution transforms standard installation processes into potential pathways for reconnaissance, credential theft, and further compromise.
Sophisticated brandjacking tactics now include techniques such as prefix or suffix addition, dependency confusion, version mimicry, embedding target terms, altering scopes or namespaces, and adopting names that mimic the function of authentic packages.
Sonatype remarked, "'Typosquatting' has become too narrow a term for this analysis. The broader trend involves the creation of manufactured legitimacy: attackers crafting package names to seem plausible, useful, and operationally normal within modern software ecosystems."
These developments unfold in the context of ongoing software supply chain compromises attributed to TeamPCP (also known as Replicating Marauder and UNC6780), which has aggressively targeted popular developer tools across npm, PyPI, Docker Hub, and Packagist, often in a worm-like manner.
BlueVoyant researcher Michael Warren noted, "Replicating Marauder was not merely inserting malicious code into packages; it also exploited automation, built-in trust, and standard CI/CD workflows to propagate compromises further downstream. This campaign vividly illustrated that a single poisoned dependency or container image could result in a breach within an unrelated organization’s release pipeline. This tactical shift has transformed isolated software poisoning into a reproducible method for expanding victim-to-victim compromise."
Share this story