VMTech

Sicoob.Sdk (NuGet) exfiltrates PFX & client ID; npm campaign steals secrets


A malicious NuGet package, Sicoob.Sdk (v2.0.0–2.0.4), steals client IDs and PFX certificate files.

Key points:
- It reads the PFX file, encodes it to Base64 and sends the client ID, password and PFX to a hard‑coded Sentry endpoint; it also intercepts Boleto responses. It was downloaded ≈500 times; NuGet has blocked it.
- Concurrently, 14 malicious npm packages ('vpmdhaj') harvested AWS/Vault/npm/CI secrets via preinstall scripts.

Recommendations: uninstall the package; assume the PFX is compromised, so replace certificates and passwords, revoke/rotate client IDs and review logs.
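One way to find where the package needs uninstalling, as an added example (not VMTech's or NuGet's code): a Python scan of a source tree for references to Sicoob.Sdk in the 2.0.0–2.0.4 range given in this post, covering project files, `packages.config` and `packages.lock.json`. The function names and the "review" status for floating or range version specs are choices made for this example.

```python
import json, re, sys
import xml.etree.ElementTree as ET
from pathlib import Path

PACKAGE = "sicoob.sdk"             # NuGet package IDs are case-insensitive
LOW, HIGH = (2, 0, 0), (2, 0, 4)   # affected versions per the post (inclusive)
XML_NAMES = (".csproj", ".fsproj", ".vbproj", ".props", "packages.config")

def classify(spec):
    """'affected' for an exact pin in range, 'review' for floating/range/missing specs, else None."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)?(?:[-+].*)?", (spec or "").strip())
    if not m:
        return "review"            # e.g. "2.*" or "[2.0,3.0)": check the resolved version
    version = tuple(int(part or 0) for part in m.groups())
    return "affected" if LOW <= version <= HIGH else None

def xml_refs(path):
    """Yield version specs for the package from MSBuild files and packages.config."""
    for el in ET.parse(path).getroot().iter():
        tag = el.tag.rsplit("}", 1)[-1]              # drop the old-style MSBuild namespace
        name = el.get("Include") or el.get("Update") or el.get("id") or ""
        if tag in ("PackageReference", "PackageVersion", "package") and name.lower() == PACKAGE:
            child = next((c.text for c in el if c.tag.rsplit("}", 1)[-1] == "Version"), None)
            yield el.get("Version") or el.get("version") or child

def lock_refs(path):
    """Yield resolved versions (direct and transitive) from packages.lock.json."""
    data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    for deps in data.get("dependencies", {}).values():
        for name, info in deps.items():
            if name.lower() == PACKAGE:
                yield info.get("resolved")

def scan(root):
    """Return (relative path, version spec, status) findings under root, sorted by path."""
    findings = []
    for path in Path(root).rglob("*"):
        lname = path.name.lower()
        if not path.is_file() or not (lname == "packages.lock.json" or lname.endswith(XML_NAMES)):
            continue
        specs = lock_refs(path) if lname == "packages.lock.json" else xml_refs(path)
        for spec in specs:
            status = classify(spec)
            if status:
                findings.append((path.relative_to(root).as_posix(), spec, status))
    return sorted(findings, key=lambda f: f[0])

if __name__ == "__main__":
    for rel, spec, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {rel}  Sicoob.Sdk {spec}")
```

A hit in a lock file marked as transitive means another dependency pulled the package in, so the same certificate and client ID rotation applies even without a direct reference.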

Why it matters: stolen PFX enables impersonation of banking integrations and material financial fraud.

Have you audited your dependencies and CI secrets?

#cybersecurity #supplychain #NuGet #npm
