NuGet Repository | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary from a hard-coded server. The  two-stage attack  culminates in the deployment of a .NET-based persistent backdoor, called Impala Stealer, which is capable of gaining unauthorized access to users' cryptocurrency accounts. "The payload used a very rare obfuscation technique, called '.NET AoT compilation,' which is a lot more stealthy than using 'off the shelf' obfuscators while still making the binary hard to reverse engineer," JFrog told The Hacker News in a statement. .NET  AoT compilation  is an  optimization technique  that allows apps to be ahead-of-ti...

The  NuGet  repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script that would execute upon installation and trigger a download of a 'second stage' payload, which could be remotely executed," JFrog researchers Natan Nehorai and Brian Moussalli  said . While NuGet packages have been in the past found to  contain vulnerabilities  and be abused to  propagate phishing links , the development marks the first-ever discovery of packages with malicious code. Three of the most downloaded packages – Coinbase.Core, Anarchy.Wrapper.Net, and DiscordRichPresence.API – alone accounted for 166,000 downloads, although it's also possible that the threat actors artificially inflated the download counts using bo...

An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light of the growing number of cyber incidents that target the software supply chain, there is an urgent need to assess such third-party modules for any security risks and minimize the attack surface, ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. NuGet  is a Microsoft-supported mechanism for the .NET platform and functions as a package manager designed to enable developers to share reusable code. The framework maintains a central repository of over 264,000 unique packages that have collectively produced more than 109 billion package downloads. "All identified precompiled software components in our research were different versions of 7Zip, WinSCP and PuT...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...