Cybersecurity·High

Malicious NuGet Package Steals Banking Credentials


TL;DR: A malicious NuGet package, "Sicoob.Sdk," is impersonating a software development kit for a major Brazilian financial system. Versions 2.0.0 to 2.0.4 are designed to steal sensitive developer information, including client IDs and PFX certificates, posing a significant software supply chain security risk.

By Neeraj Dhiman·3h ago·1 min read·updated 1h ago

Key facts

  • Category: Cybersecurity
  • Impact: High
  • Published: 3h ago
  • Source: The Hacker News

Full summary

A fake C# SDK on NuGet, "Sicoob.Sdk," was found stealing sensitive financial credentials and certificates from unsuspecting developers.

Security researchers have discovered a malicious package on the NuGet repository named "Sicoob.Sdk." The package impersonates a C# software development kit for Sicoob, a major Brazilian financial cooperative. According to security firm Socket, versions 2.0.0 through 2.0.4 contain hidden code designed to exfiltrate sensitive information from a developer's environment. The stolen data includes critical credentials like client IDs and PFX certificates, which are used for digital authentication and signing. The package acts as a trojan, tricking developers into compromising their own systems by installing what appears to be a legitimate tool.

This incident is a classic software supply chain attack, targeting developers to breach secure systems. By integrating the malicious package, developers unknowingly introduce a backdoor for attackers. The theft of PFX certificates is especially dangerous, as these files can be used to impersonate the owner, authorize transactions, and access secure financial services. This attack directly impacts developers using the NuGet ecosystem, particularly those building applications for Brazilian financial services. It highlights the critical need for organizations to scrutinize all third-party dependencies and verify their authenticity. This type of attack is part of a broader trend where threat actors exploit the trust developers place in open-source registries like NuGet to distribute malware.

Why it matters

This is a direct software supply chain attack targeting developers through a trusted package manager. It steals high-value financial credentials (PFX certificates), demonstrating a sophisticated threat that can lead to significant financial fraud.

Business impact

Businesses using this malicious package could suffer direct financial loss through fraudulent transactions, credential theft, and reputational damage. It forces development teams to audit their codebase for the compromised dependency and revoke any stolen credentials, leading to significant operational costs.

⚡ Action needed

Users of the "Sicoob.Sdk" NuGet package should immediately check if they are using versions 2.0.0 through 2.0.4. If so, remove the package, audit systems for compromise, and rotate any potentially exposed credentials, including PFX certificates.

Action checklist

  1. Identify if your projects use the "Sicoob.Sdk" NuGet package.
  2. Verify the version used; immediately remove versions 2.0.0 through 2.0.4.
  3. Scan developer machines and build servers for signs of compromise.
  4. Revoke and reissue any PFX certificates or client IDs that may have been exposed.
  5. Implement dependency scanning tools to vet third-party packages.
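
Steps 1 and 2 of the checklist can be automated across a source tree. The script below is an added example, not code from the original briefing or from Socket; the choice of files to scan and the verdict labels ("AFFECTED", "review", "unparsed") are assumptions of this example.

```python
import json, re, sys
import xml.etree.ElementTree as ET
from pathlib import Path

PACKAGE = "sicoob.sdk"                    # NuGet package IDs are case-insensitive
AFFECTED = {(2, 0, p) for p in range(5)}  # 2.0.0 through 2.0.4, as stated in the briefing
SCANNED = ("packages.lock.json", "packages.config", ".csproj", ".fsproj", ".vbproj", ".props")

def is_affected(version):
    """True if a pinned version (2.0.1, [2.0.1], 2.0.1.0) normalizes into the affected set."""
    m = re.fullmatch(r"\[?(\d+)\.(\d+)(?:\.(\d+))?(?:\.0)?\]?", (version or "").strip())
    return bool(m) and (int(m[1]), int(m[2]), int(m[3] or 0)) in AFFECTED

def refs_from_xml(path):
    """Yield (id, version) from project files, *.props and packages.config."""
    for el in ET.parse(str(path)).getroot().iter():
        tag = el.tag.split("}")[-1]       # legacy project files carry an XML namespace
        if tag in ("PackageReference", "PackageVersion"):
            child = next((c.text for c in el if c.tag.split("}")[-1] == "Version"), None)
            yield el.get("Include") or el.get("Update"), el.get("Version") or child
        elif tag == "package":            # packages.config entry
            yield el.get("id"), el.get("version")

def refs_from_lock(path):
    """Yield (id, resolved version) from packages.lock.json, which lists transitive packages too."""
    data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    for framework in data.get("dependencies", {}).values():
        for name, info in framework.items():
            yield name, info.get("resolved")

def scan(root):
    """Return (file, version, verdict) for every Sicoob.Sdk reference found under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        name = path.name.lower()
        if not (path.is_file() and name.endswith(SCANNED)):
            continue
        reader = refs_from_lock if name == "packages.lock.json" else refs_from_xml
        rel = path.relative_to(root).as_posix()
        try:
            for pkg, ver in list(reader(path)):
                if (pkg or "").lower() == PACKAGE:
                    # Ranges, floating versions and other versions need a human look.
                    findings.append((rel, ver, "AFFECTED" if is_affected(ver) else "review"))
        except (ET.ParseError, ValueError, AttributeError, OSError):
            findings.append((rel, None, "unparsed"))  # report unreadable files, do not skip them
    return findings

if __name__ == "__main__":
    print(*scan(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```

A "review" result covers ranges and floating versions that this script does not resolve; `dotnet list package --include-transitive` prints the versions actually resolved for a project.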

Tags

#security, #malware, #supply chain attack, #nuget, #credentials theft, #sicoob


Primary source: The Hacker News
