NuGet malware targets crypto wallets, OAuth tokens
Pulse ID: 69439352719d393508194edb
Pulse Link: https://otx.alienvault.com/pulse/69439352719d393508194edb
Pulse Author: Tr1sa111
Created: 2025-12-18 05:38:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #NuGet #OTX #OpenThreatExchange #bot #Tr1sa111
NuGet malware targets crypto wallets, OAuth tokens
ReversingLabs discovered malicious packages on NuGet targeting the crypto ecosystem. The campaign, starting in July 2025, involved 14 packages impersonating legitimate crypto-related tools. The malware aimed to steal crypto funds by redirecting transactions or exfiltrating secrets for wallet access. Techniques used to appear trustworthy included homoglyphs, version bumping, and inflating download counts. The packages were divided into three groups: wallet stealers, crypto-funds stealers, and Google Ads OAuth stealers. This campaign highlights the ongoing exploitation of trust in the software supply chain, potentially affecting entire projects and communities relying on compromised dependencies.
Pulse ID: 69431f1d8da9595abdfc9c20
Pulse Link: https://otx.alienvault.com/pulse/69431f1d8da9595abdfc9c20
Pulse Author: AlienVault
Created: 2025-12-17 21:22:37
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #Google #GoogleAds #InfoSec #Malware #NuGet #OTX #OpenThreatExchange #RAT #ReversingLabs #Rust #SupplyChain #bot #AlienVault
🚨💻 Watch out as scammers hide fake NuGet packages that impersonate trusted tools to steal crypto keys, redirect funds, and grab sensitive token. 🐍
Read: https://hackread.com/nuget-malicious-packages-steal-crypto-ad-data/
Again, something strange learned today: The #dotnet #nuget package `Microsoft.CodeAnalysis.Testing` is still not updated for .Net10 🤯
Issue tracking this: https://github.com/dotnet/roslyn-sdk/issues/1233
Just had to resort to:
```csharp
private static readonly ReferenceAssemblies Net100 = new(
targetFramework: "net10.0",
referenceAssemblyPackage: new PackageIdentity("Microsoft.NETCore.App.Ref", "10.0.1"),
referenceAssemblyPath: Path.Combine("ref", "net10.0"));
```
🚨 New threat research: An impostor #NuGet package typosquatted a popular .NET tracing library and its author, using homoglyph tricks to blend in, then exfiltrated #Stratis wallet JSON and passwords to a Russian IP address.
Full report →
https://socket.dev/blog/malicious-nuget-package-typosquats-popular-net-tracing-library #dotnet
Interesting initiative, a store for NuGet packages
https://www.reddit.com/r/dotnet/s/l6LMUq1Yce
.NET Conf 2025 Recap – Celebrating .NET 10, Visual Studio 2026, AI, Community, & More
https://devblogs.microsoft.com/dotnet/dotnet-conf-2025-recap/
#microsoft #NET #NET_MAUI #AI #ASP_NET_Core #Blazor #C #NuGet #Visual_Studio #NET_10 #conference #Featured
Spent the evening working on my next nuget package mostlylucid.botdetection https://github.com/scottgal/mostlylucid.nugetpackages/tree/main/Mostlylucid.BotDetection
Bot detection middleware for ASP.NET Core applications with behavioral analysis, header inspection, IP-based detection, and optional LLM-based classification.
My attempt to bring the most powerful free bot detection framework in any language to .net. Uses public lists with auto update, can use a local llm to learn bot behaviours dynamically etc...You can even use it as an adjustable robots.txt where you allow certain search crawlers / ip ranges and not others; at the application level.
IDEALLY you'd do this at host / firewall level but for small companies / self hosters that can be a big complex option.
This makes it at least *possible*.
#csharp #net #aspnet #nuget
Oh, and shoutout to https://github.com/jamesrcounts who ported over the Perl CPAN module Geo::StreetAddress:US we use as a #NuGet package.
🚀 Black Friday vibes for build lovers
Cake Contrib has over 300 @cakebuild.net add-ins ready to power up your automation for the unbeatable price of free
Explore the goodies 🍰
👉 https://www.nuget.org/profiles/cake-contrib
#BlackFriday #dotnet #NuGet #CakeBuild #CakeContrib #OpenSource #devops
TWO great projects queue up.
1. Bot detection - uses the same technique as in node (lists) to give requests a score and a filter to block access to endpoints.
2. Alttext local generator. A Nuget package which uses state of the art Image LLMs to generate useful alttext automatically (with just an api call alttexrService.AltTextFor(image)
and OCR (text from images).
'Unlicens' d OF COURSE. And with articles and docs.
Filling in gaps where I've found cool things on other platforms (python / Javascript) and thought 'hey .net could do with that'.
StructPadding
Представляю свою библиотеку для обнуления байт выравнивания (padding) в unmanaged структурах. Обнуление байт паддинга (padding) обеспечивает детерминированное состояние памяти, что критически важно для двоичного сравнения или вычисления хэша. И не менее важно при бинарной сериализации.
The number of downloads of my NuGet packages exceeded 110,000,000 - https://www.nuget.org/profiles/taritsyn
NuGet 7.0 Release Notes | Microsoft Learn
buff.ly/eyL1wty
#dotnet #nuget #packagemanager #dotnet10
NuGet 7.0 Release Notes
Heute erstmal #VisualStudio 2026 und die neue #Rider und #Resharper Version installiert. Dabei einen Crash beim ersten Start von Rider gehabt und ihn an #Jetbrains gemeldet. Danach dann unser Projekt auf .NET 10 umgestellt und dabei gemerkt, dass noch das #Npgsql #NuGet Package fehlt, um komplett umzustellen. Also noch etwas warten... ansonsten hat alles funktioniert 😄!
Nine #NuGet packages disrupt DBs and industrial systems with time-delayed payloads
https://securityaffairs.com/184383/malware/nine-nuget-packages-disrupt-dbs-and-industrial-systems-with-time-delayed-payloads.html
#securityaffairs #hacking
