Skip to content
The Nexus
SECURITYMay 29 · 09:11 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers identified a malicious NuGet package posing as a C# SDK for Sicoob, a Brazilian cooperative financial system, which steals client IDs and PFX certificates. Socket reported that versions 2.0.0 through 2.0.4 of 'Sicoob.Sdk' exfiltrate sensitive information.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting