Security News > 2023 > March > Hackers target .NET developers with malicious NuGet packages
NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate packages via typosquatting.
NET developers who had their systems compromised, it could also be explained by the attackers' efforts to legitimize their malicious NuGet packages.
The threat actors also used typosquatting when creating their NuGet repository profiles to impersonate what looked like the accounts of Microsoft software developers working on the NuGet.
The malicious packages are designed to download and execute a PowerShell-based dropper script that configures the infected machine to allow PowerShell execution without restrictions.
"Some packages did not contain any direct malicious payload. Instead, they defined other malicious packages as dependencies, which then contained the malicious script," the researchers added.
This attack is part of a broader malicious effort, with other attackers going as far as uploading more than 144,000 phishing-related packages on multiple open-source package repositories, including NPM, PyPi, and NuGet, as part of a large-scale campaign active throughout 2022.