home.social

#nuget — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #nuget, aggregated by home.social.

  1. From the .NET blog...

    In case you missed it earlier...

    NuGet Package Pruning: Cleaner Dependencies and Actionable Vulnerability Reports
    devblogs.microsoft.com/dotnet/

  2. 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

    Pulse ID: 6a0160261c57f2812cc5a92c
    Pulse Link: otx.alienvault.com/pulse/6a016
    Pulse Author: Tr1sa111
    Created: 2026-05-11 04:50:46

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Chinese #CyberSecurity #InfoSec #NuGet #OTX #OpenThreatExchange #bot #Tr1sa111

  3. 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

    Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

    Pulse ID: 69fcc64069bf35be793669dd
    Pulse Link: otx.alienvault.com/pulse/69fcc
    Pulse Author: AlienVault
    Created: 2026-05-07 17:05:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

  4. 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

    Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

    Pulse ID: 69fcc64069bf35be793669dd
    Pulse Link: otx.alienvault.com/pulse/69fcc
    Pulse Author: AlienVault
    Created: 2026-05-07 17:05:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

  5. 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

    Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

    Pulse ID: 69fcc64069bf35be793669dd
    Pulse Link: otx.alienvault.com/pulse/69fcc
    Pulse Author: AlienVault
    Created: 2026-05-07 17:05:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

  6. 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

    Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

    Pulse ID: 69fcc64069bf35be793669dd
    Pulse Link: otx.alienvault.com/pulse/69fcc
    Pulse Author: AlienVault
    Created: 2026-05-07 17:05:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

  7. 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

    Five malicious NuGet packages published under account bmrxntfj impersonate Chinese .NET libraries to deploy an infostealer targeting browser credentials, cryptocurrency wallets, SSH keys, and local files. The packages typosquat legitimate Chinese UI and infrastructure libraries, grafting .NET Reactor-protected payloads onto decompiled legitimate code. The campaign uses version rotation to evade hash-based detection, with 219 of 224 total versions unlisted but fetchable. The stealer targets 12 browsers, 8 desktop crypto wallets, and 5 browser wallet extensions, exfiltrating data to a newly-registered C2 domain. With approximately 65,000 downloads across all versions, the campaign puts tens of thousands of developer workstations and CI/CD build servers at risk. The payload executes through .NET module initializers, hooks the CLR JIT compiler, and supports cross-platform infection including Linux and macOS infrastructure.

    Pulse ID: 69fcc64069bf35be793669dd
    Pulse Link: otx.alienvault.com/pulse/69fcc
    Pulse Author: AlienVault
    Created: 2026-05-07 17:05:04

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Chinese #CyberSecurity #InfoSec #InfoStealer #Linux #Mac #MacOS #NET #NuGet #OTX #OpenThreatExchange #RAT #SSH #bot #cryptocurrency #AlienVault

  8. #Nuget: Malicious NuGet packages mimicked trusted .NET libraries to steal credentials, key crypto wallets.
    Packages:

    IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core, IR.iplus32

    included an infostealer #malware:
    👇
    gbhackers.com/malicious-nuget-

  9. In about one hour, combining the powers of Native AOT and System.CommandLine, we will turn Inspector Roslyn into a standalone CLI tool.

    2026-04-22 (Wednesday)
    at 17:00 UTC

    #2codeOrNot2code #dotnet #CSharp #Roslyn #NuGet

    youtube.com/watch?v=DAyZ_6KvpiM