Member
- Joined
- Oct 14, 2023
- Messages
- 225
- Thread Author
- #1
There is a multi-faceted Trojan hidden in the margins and characters. How do I detect it?
Cybersecurity experts have discovered another campaign targeting users of the NuGet repository. As researchers from ReversingLabs found out, it is being conducted from August 1, 2023.
Attackers publish fake packages in NuGet, disguising them as popular libraries. Among the detected ones:
To mislead the user, scammers resort to various tricks. They artificially inflate the number of file downloads, and mask the code itself with special characters and indents.
When the infected library is successfully installed, the download of the main malicious program written by на.NET. This program is placed in temporary repositories on GitHub, probably to make it harder to detect and remove it.
Thus, the SeroXen RAT Trojan gets on the victim's computer, which gives hackers full access to the system.
Experts note that this is the first known case of using the built-in MSBuild tasks in NuGet for such campaigns.
MSBuild is a technology that allows you to automatically run code when installing a library.
Developers are advised to be extra vigilant when installing packages from third-party sources. It is also necessary to tighten the verification of files published in the official NuGet repository.
The fight against cybercrime requires all market participants to be more vigilant and improve their protection methods. Only a comprehensive approach and attention to detail will help minimize risks.
Cybersecurity experts have discovered another campaign targeting users of the NuGet repository. As researchers from ReversingLabs found out, it is being conducted from August 1, 2023.
Attackers publish fake packages in NuGet, disguising them as popular libraries. Among the detected ones:
- Pathoschild.Stardew.Mod.Build.Config
- KucoinExchange.Net
- Kraken.Exchange
- DiscordsRpc
- SolanaWallet
- Monero
- Modern.Winform.UI
- MinecraftPocket.Server
- IAmRoot
- ZendeskApi.Client.V2
- Betalg
pen.AI - Forge.Open.AI
- Pathoschild.Stardew.Mod.BuildConfig
- CData.NetSuite.Net.Framework
- CData.Salesforce.Net.Framework
- CData.Snowflake.API
To mislead the user, scammers resort to various tricks. They artificially inflate the number of file downloads, and mask the code itself with special characters and indents.
When the infected library is successfully installed, the download of the main malicious program written by на.NET. This program is placed in temporary repositories on GitHub, probably to make it harder to detect and remove it.
Thus, the SeroXen RAT Trojan gets on the victim's computer, which gives hackers full access to the system.
Experts note that this is the first known case of using the built-in MSBuild tasks in NuGet for such campaigns.
MSBuild is a technology that allows you to automatically run code when installing a library.
Developers are advised to be extra vigilant when installing packages from third-party sources. It is also necessary to tighten the verification of files published in the official NuGet repository.
The fight against cybercrime requires all market participants to be more vigilant and improve their protection methods. Only a comprehensive approach and attention to detail will help minimize risks.