Nethereum | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum , a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys. The package, Netherеum.All , has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and keystore data, according to security company Socket. The library was uploaded by a user named " nethereumgroup " on October 16, 2025. It was taken down from NuGet for violating the service's Terms of Use four days later. What's notable about the NuGet package is that it swaps the last occurrence of the letter "e" with the Cyrillic homoglyph "e" (U+0435) to fool unsuspecting developers into downloading it. In a further attempt to increase the credibility of the package, the threat actors have resorted to artificially inflating the download counts...