From NuGet — to the heart of your system: libraries with a surprise appeared on the shelves of the repository
<blockquote data-quote="Brianwill" data-source="post: 729" data-attributes="member: 15"><p>There is a multi-faceted Trojan hidden in the margins and characters. How do I detect it?</p><p></p><p>Cybersecurity experts have discovered another campaign targeting users of the NuGet repository. As researchers from ReversingLabs found out, it has been under way since August 1, 2023.</p><p></p><p>Attackers publish fake packages in NuGet, disguising them as popular libraries. Among the detected ones:</p><ul> <li data-xf-list-type="ul">Pathoschild.Stardew.Mod.Build.Config</li> <li data-xf-list-type="ul">KucoinExchange.Net</li> <li data-xf-list-type="ul">Kraken.Exchange</li> <li data-xf-list-type="ul">DiscordsRpc</li> <li data-xf-list-type="ul">SolanaWallet</li> <li data-xf-list-type="ul">Monero</li> <li data-xf-list-type="ul">Modern.Winform.UI</li> <li data-xf-list-type="ul">MinecraftPocket.Server</li> <li data-xf-list-type="ul">IAmRoot</li> <li data-xf-list-type="ul">ZendeskApi.Client.V2</li> <li data-xf-list-type="ul">Betalgo_Open.AI</li> <li data-xf-list-type="ul">Forge.Open.AI</li> <li data-xf-list-type="ul">Pathoschild.Stardew.Mod.BuildConfig</li> <li data-xf-list-type="ul">CData.NetSuite.Net.Framework</li> <li data-xf-list-type="ul">CData.Salesforce.Net.Framework</li> <li data-xf-list-type="ul">CData.Snowflake.API</li> </ul><p></p><p>To mislead the user, scammers resort to various tricks. They artificially inflate the number of file downloads, and mask the code itself with special characters and indents.</p><p></p><p>When the infected library is successfully installed, the download of the main malicious program, written in .NET, begins.
This program is placed in temporary repositories on GitHub, probably to make it harder to detect and remove.</p><p></p><p>Thus, the SeroXen RAT Trojan gets onto the victim's computer, which gives hackers full access to the system.</p><p></p><p>Experts note that this is the first known case of using the built-in MSBuild tasks in NuGet for such campaigns.</p><p></p><p>MSBuild is a technology that allows you to automatically run code when installing a library.</p><p></p><p>Developers are advised to be extra vigilant when installing packages from third-party sources. It is also necessary to tighten the verification of files published in the official NuGet repository.</p><p></p><p>The fight against cybercrime requires all market participants to be more vigilant and improve their protection methods. Only a comprehensive approach and attention to detail will help minimize risks.</p></blockquote><p></p>
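On the post's question of how to detect this: the sketch below is an added example, not part of the quoted post and not ReversingLabs' tooling. It opens a .nupkg as a zip archive and flags the MSBuild .props/.targets files that NuGet wires into the consuming project's build. The function names, finding labels, 120-character padding threshold and the choice of indicators (inline UsingTask, the Exec and DownloadFile tasks, code pushed off-screen by whitespace) are assumptions of this example, and the sample package is constructed and harmless.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Package folders whose <id>.props/.targets NuGet imports into the consuming project.
BUILD_DIRS = ("build/", "buildtransitive/", "buildmultitargeting/")
# Assumed threshold: 120+ spaces/tabs followed by more text on the same line.
PAD = re.compile(r"[ \t]{120,}\S")
TASKS = {"Exec": "exec-command", "DownloadFile": "download-task"}  # example labels

def scan_msbuild(text):
    """Return sorted finding labels for the text of one .props/.targets file."""
    findings = {"padded-line"} if PAD.search(text) else set()
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return sorted(findings | {"unparseable-xml"})
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop the XML namespace
        if name == "UsingTask" and "TaskFactory" in el.attrib:
            findings.add("inline-task")           # code compiled and run by the build
        elif name in TASKS:
            findings.add(TASKS[name])
    return sorted(findings)

def scan_nupkg(data):
    """Map every MSBuild file in a .nupkg (zip archive, given as bytes) to findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            low = name.lower()
            if low.startswith(BUILD_DIRS) and low.endswith((".props", ".targets")):
                report[name] = scan_msbuild(pkg.read(name).decode("utf-8-sig", "replace"))
    return report

def build_sample():
    """Constructed package, harmless: an inline task whose code is pushed off-screen."""
    targets = (
        '<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">\n'
        '  <UsingTask TaskName="Init" TaskFactory="RoslynCodeTaskFactory">\n'
        '    <Task><Code Type="Fragment">' + " " * 200 + 'int x = 1;</Code></Task></UsingTask>\n'
        '  <Target Name="Run" BeforeTargets="Build"><Init /></Target>\n</Project>\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("build/Sample.Pkg.targets", targets)
        z.writestr("build/Clean.Pkg.props", "<Project><PropertyGroup><A>1</A></PropertyGroup></Project>")
        z.writestr("lib/net6.0/Sample.Pkg.dll", b"")
    return buf.getvalue()
```

A finding is a prompt for manual review, not a verdict: legitimate packages also ship build targets, so the useful signal is an unexpected combination such as an inline task plus heavy padding in a package that has no reason to touch the build.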