Malicious NuGet Package Targets Sicoob Developers

Cybersecurity researchers at Socket identified a malicious NuGet package named "Sicoob.Sdk" (versions 2.0.0 through 2.0.4) impersonating a legitimate C# software development kit for Sicoob, Brazil’s largest cooperative financial system. The package contains functionality to exfiltrate sensitive data, including client IDs and PFX certificates used for authentication. No specific dates or CVE IDs were disclosed in the report. The attack targets developers integrating the fraudulent SDK, potentially compromising banking credentials and cryptographic certificates. The discovery highlights supply chain risks in package repositories like NuGet.