60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, now employing enhanced stealth techniques to evade detection.

These new packages, totaling around 60 and spanning 290 versions, show a refined approach from the previous batch identified in October 2023, according to software supply chain security firm ReversingLabs.

“The attackers have shifted from using NuGet’s MSBuild integrations to a strategy that employs simple, obfuscated downloaders inserted into legitimate PE binary files via Intermediary Language (IL) Weaving, a .NET programming technique for modifying an application’s code post-compilation,” explained security researcher Karlo Zanki.

The primary goal of these counterfeit packages, both new and old, is to deliver a remote access trojan known as SeroXen RAT. All the identified packages have since been taken down.

The latest collection of packages is notable for its use of IL weaving, enabling the injection of malicious functionality into a Portable Executable (PE) .NET binary associated with a legitimate NuGet package. This includes modifying popular open-source packages like Guna.UI2.WinForms, creating a fake package named “GÕ½Õ¸a.UI3.WÑ–nfÖ…rms” that substitutes the letters “u,” “n,” “i,” and “o” with similar-looking characters: “Õ½” (\u057D), “Õ¸” (\u0578), “Ñ–” (\u0456), and “Ö…” (\u0585).
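A defender can screen package IDs for this kind of look-alike substitution before restore. The following is an added example, not code from ReversingLabs or the article: it flags IDs that mix scripts and IDs that resemble a known dependency once the four characters above are folded to ASCII. The `KNOWN_IDS` allowlist, the 0.9 similarity threshold and the script approximation (first word of each character's Unicode name) are assumptions.

```python
import difflib
import unicodedata

# The four look-alike substitutions named in the article, folded back to ASCII.
CONFUSABLES = {"\u057d": "u", "\u0578": "n", "\u0456": "i", "\u0585": "o"}

# Constructed allowlist of package IDs a team actually depends on (assumption).
KNOWN_IDS = ["Guna.UI2.WinForms", "Newtonsoft.Json"]


def letter_scripts(package_id):
    """Approximate each letter's script from the first word of its Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in package_id if ch.isalpha()}


def skeleton(package_id):
    """Fold the known confusables to ASCII and lowercase for comparison."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in package_id).lower()


def review(package_id, known_ids=KNOWN_IDS, threshold=0.9):
    """Return findings for one package ID; an empty list means nothing suspicious."""
    findings = []
    scripts = letter_scripts(package_id)
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(scripts)))
    if package_id in known_ids:
        return findings  # exact match with a trusted ID, nothing to compare
    folded = skeleton(package_id)
    for known in known_ids:
        ratio = difflib.SequenceMatcher(None, folded, known.lower()).ratio()
        if ratio >= threshold:
            findings.append(f"resembles {known} (similarity {ratio:.2f})")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the fake ID from the article and two benign IDs.
    fake = "G\u057d\u0578a.UI3.W\u0456nf\u0585rms"
    for pid in (fake, "Guna.UI2.WinForms", "Serilog"):
        print(ascii(pid), review(pid))
```

A production check would use the full Unicode confusables data rather than the four-entry map here, and would run against the IDs in a lock file or package feed listing.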

“Threat actors are constantly evolving their methods and tactics to compromise and infect their victims with malicious code used to extract sensitive data or provide attackers with control over IT assets,” Zanki said. “This latest campaign highlights new ways in which malicious actors are scheming to fool developers and security teams into downloading and using malicious or tampered packages from popular open-source package managers like NuGet.”
