
Ongoing NuGet supply chain attack involves dozens of new malicious packages


Nearly 60 new malicious packages have been uploaded to the NuGet package manager to deploy the SeroXen RAT in a supply chain attack that has been underway since last August, The Hacker News reports.

All of the packages, which have already been removed, employed Intermediary Language (IL) weaving to insert malicious code into a Portable Executable .NET binary linked to NuGet packages, including the widely used Guna.UI2.WinForms package, according to a ReversingLabs report. Further examination revealed that IL weaving was also used to build a fraudulent package that exploited homoglyphs for certain letters, a sign that attackers keep evolving their techniques for compromising sensitive data and IT assets, noted ReversingLabs security researcher Karlo Zanki.

"This latest campaign highlights new ways in which malicious actors are scheming to fool developers as well as security teams into downloading and using malicious or tampered with packages from popular open source package managers like NuGet," wrote Zanki.
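A defensive check for the homoglyph trick described above, as an added example that is not code from ReversingLabs or the original article: it flags package IDs that contain non-Latin letters or that collapse to a trusted ID once lookalike characters are mapped back to Latin. It assumes the lookalike characters appear in the package ID; the allow-list, the small confusables map and the sample IDs are constructed for illustration.

```python
import unicodedata

# Assumption: IDs your projects are expected to reference.
# NuGet package IDs are case-insensitive, so comparisons below ignore case.
KNOWN_IDS = ["Guna.UI2.WinForms"]

# Constructed, deliberately small lookalike map (lowercase Cyrillic/Greek -> Latin).
# A production check would load the full Unicode confusables data (UTS #39).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0501": "d",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
})

def letter_scripts(pkg_id):
    """Return the scripts (first word of each Unicode name) used by the ID's letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in pkg_id if ch.isalpha()}

def skeleton(pkg_id):
    """Normalize, lowercase, then map known lookalikes back to Latin."""
    return unicodedata.normalize("NFKC", pkg_id).casefold().translate(CONFUSABLES)

def check(pkg_id, known=KNOWN_IDS):
    """Return a list of findings for one package ID; an empty list means nothing flagged."""
    findings = []
    foreign = letter_scripts(pkg_id) - {"LATIN"}
    if foreign:
        findings.append("non-Latin letters: " + ", ".join(sorted(foreign)))
    for good in known:
        # Same ID in a different case is the same package, not an imitation.
        if pkg_id.casefold() != good.casefold() and skeleton(pkg_id) == skeleton(good):
            findings.append("imitates " + good)
    return findings

if __name__ == "__main__":
    # Constructed sample IDs; the second uses Cyrillic "a" and "o" lookalikes.
    samples = ["Guna.UI2.WinForms", "Gun\u0430.UI2.WinF\u043erms", "guna.ui2.winforms"]
    for pkg in samples:
        print(ascii(pkg), "->", check(pkg) or "ok")
```

Run it over the IDs in a project's package references or lock file before restore, and treat any finding as a reason to inspect the package rather than as proof of compromise.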
