Security News > 2023 > October > Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, a crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
The malicious packages uploaded on NuGet by a user named 'Disti' were discovered by Phylum researchers, who published a report today to warn about the threat.
All six packages in Disti's repository contain the same XML file that downloads 'x.bin,' an obfuscated Windows batch file that carries out malicious activities on the compromised system.
The download numbers are believed to be inflated and may not be representative of the reach of these packages in the NuGet community.
The SeroXen RAT
The packages incorporate two PowerShell scripts that execute CMD and Batch files during installation on the victim's computer.
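A defender-side check for the pattern described above, as an added example that is not from the Phylum report or the original article: it opens a .nupkg before installation and lists bundled scripts and XML build files that run commands or fetch files. The regex heuristics and the sample package (file names and contents) are constructed assumptions, not indicators from the report.

```python
import io
import re
import zipfile

# Heuristic patterns are assumptions of this example, not indicators from the report.
SCRIPT_EXT = (".ps1", ".bat", ".cmd")
BUILD_XML_EXT = (".targets", ".props", ".xml")
RUNS_OR_FETCHES = re.compile(
    r"<Exec\b|<DownloadFile\b|WebClient|Invoke-WebRequest|powershell|cmd(\.exe)?\s+/c",
    re.IGNORECASE,
)


def audit_nupkg(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) findings for a .nupkg passed as raw bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:  # a .nupkg is a ZIP archive
        for info in pkg.infolist():
            name = info.filename.lower()
            if name.endswith(SCRIPT_EXT):
                findings.append((info.filename, "script shipped in package"))
            elif name.endswith(BUILD_XML_EXT):
                text = pkg.read(info).decode("utf-8", errors="replace")
                hit = RUNS_OR_FETCHES.search(text)
                if hit:
                    findings.append((info.filename, f"XML contains {hit.group(0)!r}"))
    return findings


def build_sample(suspicious: bool = True) -> bytes:
    """Build a constructed sample package in memory; all names are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Example.Pkg.nuspec", "<package><metadata/></package>")
        z.writestr("lib/net6.0/Example.Pkg.dll", b"MZ")
        if suspicious:
            z.writestr("tools/init.ps1", "Start-Process cmd.exe")
            z.writestr(
                "build/Example.Pkg.targets",
                '<Project><Target Name="T"><Exec Command="powershell -File x.ps1"/>'
                "</Target></Project>",
            )
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in audit_nupkg(build_sample()):
        print(f"{entry}: {reason}")
```

A finding is a prompt for manual review, since legitimate packages also ship install scripts and build targets.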