Security News > 2023 > October > Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
The latest NuGet campaign was spotted by ReversingLabs on October 15, 2023, utilizing different typosquatting packages to install malware.
The novel element in this campaign is that instead of using the standard approach of incorporating downloaders in the install scripts, these packages leverage NuGet's MSBuild integration for code execution.
This is the first documented case of threat actors leveraging this feature in malicious NuGet packages.
Hundreds of malicious Python packages found stealing sensitive data.
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT. Free Download Manager releases script to check for Linux malware.