Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware


The NuGet repository is the target of a new “sophisticated and highly-malicious attack” aiming to infect .NET developer systems with cryptocurrency stealer malware.

The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down.

“The packages contained a PowerShell script that would execute upon installation and trigger a download of a ‘second stage’ payload, which could be remotely executed,” JFrog researchers Natan Nehorai and Brian Moussalli said.

Read more…