The Hacker NewsArchived May 29, 2026✓ Full text saved
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to
Full text archived locally
✦ AI Summary· Claude Sonnet
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Ravie LakshmananMay 29, 2026Software Supply Chain / Threat Intelligence
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates.
According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to authenticate businesses with the Sicoob banking network in order to automate banking operations, such as processing instant payments and generating dynamic Pix QR codes. The package is estimated to have been downloaded nearly 500 times.
"When a developer instantiates SicoobClient with a client ID, a PFX file path, and a PFX password, the package reads the PFX file from disk, Base64-encodes its contents, and sends the supplied client ID, PFX password, and encoded PFX data to a hardcoded third-party Sentry endpoint," security researcher Kirill Boychenko said.
In addition, the package is designed to capture raw Boleto API responses via a separate Sentry path. Boleto is a popular cash payment method in Brazil for making online and offline purchases. This can potentially expose sensitive transaction details, payment status, amounts, due dates, identifiers, and payer or payee data.
As a result, the stolen data could open the door to severe risks, as it can be abused by the threat actor to impersonate the victim's Sicoob banking API integration, Socket added. Following responsible disclosure, the package has been blocked by NuGet. The profile behind the package, named "sicoob," has also listed 11 other NuGet packages that have collectively racked up about 6,000 downloads.
The application security company also said the package was surfaced by Google Search AI Mode as a legitimate C# library for interacting with Sicoob banking APIs, thereby amplifying the malicious package to unsuspecting developers who may be searching for it.
Another important aspect of the attack is the source-to-package mismatch between the linked GitHub repository and the artifact distributed via NuGet. It's suspected that the GitHub repository is designed to lend a veneer of legitimacy to the operation by keeping it clean, while the malicious data-stealing functionality is introduced only in the package uploaded to the registry.
What's more, the compromise of Sicoob API authentication material can also pose indirect risks to end users, as it could leak downstream financial data or enable payment abuse.
Organizations that have installed "Sicoob.Sdk" are recommended to immediately remove the package, treat PFX material as compromised, replace exposed PFX certificates, rotate PFX passwords, and change or disable affected client IDs where applicable. It's also advised to audit Sicoob authentication and API logs for signs of unusual activity.
The development coincides with the discovery of 14 malicious npm packages that typosquat well-known OpenSearch, ElasticSearch, DevOps, and environment-configuration libraries to harvest AWS credentials, HashiCorp Vault tokens, npm tokens, and CI/CD pipeline secrets from the host environment using a purpose-built credential harvester that's launched through a preinstall hook.
Per the Microsoft Defender Security Research Team, the packages were published by a single threat actor named "vpmdhaj" ("a39155771@gmail.com") on May 28, 2026. The names of the packages are below -
@vpmdhaj/devops-tools
@vpmdhaj/elastic-helper
@vpmdhaj/opensearch-setup
@vpmdhaj/search-setup
app-config-utility
elastic-opensearch-helper
env-config-manager
opensearch-config-utility
opensearch-security-scanner
opensearch-setup
opensearch-setup-tool
search-cluster-setup
search-engine-setup
vpmdhaj-opensearch-setup
The findings are the latest in a staggering spate of supply chain attack campaigns that have targeted the npm ecosystem over the past few days -
164 malicious npm packages across five scoped namespaces containing a postinstall payload that downloads second-stage JavaScript, spawns it as a detached process, and sends the victim's environment variables ("process.env") to "oob.moika[.]tech/report."
141 malicious npm packages published between May 7 and 27, 2026, that abuse npm as free static hosting for an ad-monetized web proxy targeting students, serving popunder ads to those who land these pages through search results or shared links.
A malicious npm package called "forge-jsxy" that's capable of keylogging, clipboard monitoring, .env scanning, shell history exfiltration, host inventory, remote filesystem access, screenshot capture, and cryptocurrency wallet scanning. "Forge-jsxy" is assessed to be a continuation of the "forge-jsx" campaign that came to light late last month.
176 malicious npm packages that employ dependency confusion by using a high version number ("99.99.99") to distribute a postinstall script with capabilities to fingerprint the host and download a platform-specific JavaScript payload, which then conducts additional reconnaissance, exfiltrates credentials and other valuable developer secrets, and downloads and runs a second-stage binary.
In a newly published report, Sonatype said threat actors have outgrown classic typosquatting techniques, moving beyond obvious misspellings to using names that appear convincing in legitimate developer workflows so as to steal data and drop malicious payloads. This, in turn, transforms a routine install step into a risk-prone pathway for reconnaissance, credential theft, and follow-on compromise.
Popular brandjacking techniques include prefix or suffix addition, dependency confusion, version mimicry, embedded target terms, altered scopes or namespaces, and names that resemble the function of a legitimate package.
"'Typosquatting' is now too narrow a label for what this analysis captures," the supply chain security company said. "The broader pattern is manufactured legitimacy: attackers designing package names to look plausible, useful, and operationally routine inside modern software ecosystems."
These incidents have also unfolded against a series of software supply chain compromises that have been linked to TeamPCP (aka Replicating Marauder and UNC6780), which has become a force to be reckoned with by poisoning popular developer tooling across npm, PyPI, Docker Hub, and Packagist in a worm-like fashion.
"Replicating Marauder was not just inserting malicious code into packages, but also exploiting automation, inherited trust, and ordinary CI/CD workflows to push compromise further downstream," BlueVoyant researcher Michael Warren said.
"This was the point where the campaign most clearly demonstrated that one poisoned dependency or container image could trigger compromise in an unrelated organization's release pipeline. The tactical shift turned isolated software poisoning into a reproducible method for victim-to-victim expansion."
Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
SHARE
Tweet
Share
Share
SHARE
Cloud security, Credential Theft, cybersecurity, DevOps, Malware, NPM, NuGet, Open Source, Software Supply Chain, Threat Intelligence
⚡ Top Stories This Week
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
The New Phishing Click: How OAuth Consent Bypasses MFA
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Developer Workstations Are Now Part of the Software Supply Chain
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Load More ▼
⭐ Featured Resources
Discover How to Navigate the Era of Constant Cyber Exposure
[Guide] Learn to Detect AI Typosquatting Risks in Your Domain
Claim ANY.RUN Anniversary Offer for Faster Malware Analysis
[Guide] Get Key Identity Security Insights From 2026 Snapshot