GBHackers

Malicious NuGet Package Disguised as Sicoob SDK Exfiltrates Banking Passwords


A newly discovered malicious NuGet package disguised as a legitimate Sicoob software development kit (SDK) has been caught exfiltrating sensitive banking credentials, highlighting a dangerous evolution in software supply chain attacks.

Security researchers from Socket revealed that the package, published under the name “Sicoob.Sdk,” impersonates official developer tooling used for integrating with Brazil’s Sicoob banking APIs while secretly stealing authentication data from developers and organizations.

Malicious NuGet Package Exfiltrates Banking Passwords

The fraudulent package, uploaded to NuGet in early May 2026, quickly released multiple versions (2.0.0 through 2.0.4) before being taken down.

It claimed to provide .NET 8 support for handling secure API communication, including mutual TLS (mTLS) authentication. However, behind this seemingly legitimate functionality, the package contained malicious code designed to extract highly sensitive data, including client IDs, PFX certificate files, and associated passwords.

NuGet listing for Sicoob.Sdk captured during the investigation showed 484 total downloads across six versions, including malicious releases (Source: Socket)

When developers used the SDK as instructed, they were required to initialize a client with a client ID, a PFX certificate path, and a password. This process is standard for secure banking integrations.

However, the malicious package exploited this trust by reading the certificate file directly from disk, Base64-encoding it, and transmitting it, along with the plaintext password and client ID, to a hardcoded external endpoint via Sentry, a legitimate error-monitoring platform.

This abuse of Sentry is particularly notable. Instead of using the service for debugging or performance monitoring, the attackers weaponized it as a covert data exfiltration channel.

The malicious code executed during normal SDK initialization, meaning the theft occurred silently and did not raise immediate suspicion. Even more concerning, the data exfiltration logic was triggered only in production mode, thereby evading detection in test environments.

Further investigation uncovered a broader impersonation campaign. The NuGet publisher account and a linked GitHub organization appeared to mimic official Sicoob developer resources.

The suspicious C# SDK repository presents itself as an official Sicoob integration library (Source: Socket)

The GitHub repository contained clean, harmless source code, with no visible malicious behavior. However, the compiled NuGet package contained hidden code not present in the public repository, indicating a deliberate source-to-package mismatch, an increasingly common tactic in supply chain attacks.
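A cheap first check for the source-to-package mismatch described above is to compare what the public repository's project file references with what the shipped .nupkg's .nuspec declares. The script below is an added example, not Socket's or Sicoob's code: the .csproj and .nuspec it inspects are constructed, and the extra Sentry dependency is an assumed stand-in for a hidden telemetry channel rather than a verified detail of the real Sicoob.Sdk releases.

```python
"""Added example (not Socket's or Sicoob's code): flag dependencies that the
shipped .nupkg declares but the public repository's .csproj does not.
Both documents below are constructed; the Sentry dependency is an assumed
stand-in for a hidden telemetry/exfiltration channel."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Constructed .csproj, standing in for the clean public repository.
REPO_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup><TargetFramework>net8.0</TargetFramework></PropertyGroup>
  <ItemGroup>
    <PackageReference Include="System.Text.Json" Version="8.0.0" />
  </ItemGroup>
</Project>"""

# Constructed .nuspec, standing in for the metadata inside the published package.
SHIPPED_NUSPEC = """<?xml version="1.0" encoding="utf-8"?>
<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
  <metadata>
    <id>Sicoob.Sdk</id>
    <version>2.0.3</version>
    <dependencies>
      <group targetFramework="net8.0">
        <dependency id="System.Text.Json" version="8.0.0" />
        <dependency id="Sentry" version="4.0.0" />
      </group>
    </dependencies>
  </metadata>
</package>"""


def build_sample_nupkg() -> bytes:
    """A .nupkg is a zip; build one in memory around the constructed nuspec."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Sicoob.Sdk.nuspec", SHIPPED_NUSPEC)
        z.writestr("lib/net8.0/Sicoob.Sdk.dll", b"MZ placeholder, not a real assembly")
    return buf.getvalue()


def csproj_dependencies(csproj_xml: str) -> set:
    """Package ids referenced by the repository project file (case-folded)."""
    root = ET.fromstring(csproj_xml)
    return {e.get("Include").lower() for e in root.iter("PackageReference") if e.get("Include")}


def nupkg_dependencies(nupkg_bytes: bytes) -> set:
    """Package ids declared in the .nuspec carried inside the .nupkg."""
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as z:
        nuspec = next(n for n in z.namelist() if n.lower().endswith(".nuspec"))
        root = ET.fromstring(z.read(nuspec))
    # The nuspec carries an XML namespace, so match on the local tag name.
    return {e.get("id").lower() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == "dependency" and e.get("id")}


def undeclared_dependencies(csproj_xml: str, nupkg_bytes: bytes) -> set:
    """Dependencies present in the package but absent from the source: review them."""
    return nupkg_dependencies(nupkg_bytes) - csproj_dependencies(csproj_xml)


if __name__ == "__main__":
    extra = undeclared_dependencies(REPO_CSPROJ, build_sample_nupkg())
    for dep in sorted(extra):
        print(f"REVIEW: package declares '{dep}' but the public source does not")
```

Declared dependencies are only the first layer: hidden code can be compiled into the assembly using nothing beyond the base class library, so a clean nuspec does not clear a package. The thorough check is to rebuild the public source and compare the resulting assembly with the published one, or to decompile the shipped DLL and review anything the repository does not contain.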

The impact of this compromise is severe. PFX certificates often contain private keys used for secure authentication. Combined with client IDs and passwords, these credentials could allow attackers to impersonate legitimate banking applications.

This could lead to unauthorized access to financial data, execution of transactions, or abuse of services such as Pix payments and boleto processing within the Sicoob ecosystem.

Although the package recorded fewer than 500 downloads, the risk remains high due to its potential exposure in development pipelines, CI/CD environments, and production systems where sensitive credentials are commonly used.

Developers relying on search engines or automated recommendations may have unknowingly installed the malicious dependency, further amplifying the threat.

Security teams are strongly advised to treat any use of the affected package as a credential compromise. Immediate actions should include revoking and rotating certificates, updating passwords, and auditing API activity for suspicious behavior. Organizations should also scan logs for outbound connections to suspicious Sentry endpoints associated with the attack.

This incident underscores the growing risks within open-source ecosystems, particularly when dealing with libraries that handle authentication or cryptographic material. Developers are urged to verify package authenticity, rely on official vendor sources, and implement strict dependency validation practices to reduce future exposure to similar threats.

Indicators of Compromise

Related publishing and source infrastructure

  • NuGet owner account: sicoob – https://www.nuget.org/profiles/sicoob
  • GitHub organization: Sicoob-Cooperativa – https://github[.]com/Sicoob-Cooperativa
  • Associated GitHub contributor account: joaobcdev – https://github[.]com/joaobcdev

Malicious package

  1. Sicoob.Sdk (versions 2.0.0 through 2.0.4)

Related NuGet package set

  1. Sicoob-Cooperativa.Sicoob.Auth
  2. Sicoob-Cooperativa.Sicoob.CobrancaV3
  3. Sicoob-Cooperativa.Sicoob.ContaCorrente
  4. Sicoob-Cooperativa.Sicoob.ConvenioPagamentos
  5. Sicoob-Cooperativa.Sicoob.Investimentos
  6. Sicoob-Cooperativa.Sicoob.OpenFinance
  7. Sicoob-Cooperativa.Sicoob.PagamentosPix
  8. Sicoob-Cooperativa.Sicoob.PagamentosV3
  9. Sicoob-Cooperativa.Sicoob.Pix
  10. Sicoob-Cooperativa.Sicoob.Poupanca
  11. Sicoob-Cooperativa.Sicoob.SpbTransferencias

Exfiltration endpoint

  • Sentry DSN: hxxps://d565e3f03d0b1a7c8935d7ff94237316@o4511335034847232[.]ingest[.]de[.]sentry[.]io/4511337546317904
  • Sentry ingestion host: o4511335034847232[.]ingest[.]de[.]sentry[.]io
  • Sentry project ID: 4511337546317904
  • Sentry public key: d565e3f03d0b1a7c8935d7ff94237316

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
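Putting the remediation advice above together with the indicators just listed, the script below checks a NuGet lock file for the malicious Sicoob.Sdk versions and the related publisher set, and scans egress or proxy log lines for the Sentry ingestion host, public key and project ID. It is an added example, not Socket's tooling; the indicators are the report's, kept in defanged form and re-fanged only in memory, while the lock file fragment and log lines are constructed samples (the hostnames other than the indicator, and the timestamps, are placeholders).

```python
"""Added example (not Socket's tooling): check a NuGet lock file for the
affected package versions and egress/proxy logs for the Sentry exfiltration
endpoint. Indicators come from the report's IoC list; the lock file and log
lines below are constructed samples."""
import json

AFFECTED_PACKAGE = "sicoob.sdk"
AFFECTED_VERSIONS = {"2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.0.4"}
RELATED_PREFIX = "sicoob-cooperativa.sicoob."

# Kept in the report's defanged form; refang() only for in-memory matching.
DEFANGED_INDICATORS = {
    "sentry_ingest_host": "o4511335034847232[.]ingest[.]de[.]sentry[.]io",
    "sentry_public_key": "d565e3f03d0b1a7c8935d7ff94237316",
    "sentry_project_id": "4511337546317904",
}


def refang(value: str) -> str:
    """Undo the [.] / hxxp defanging so the string can be matched against real logs."""
    return value.replace("[.]", ".").replace("hxxp", "http")


def scan_lock_file(lock_json: str) -> list:
    """Walk packages.lock.json; return findings for malicious and related packages."""
    data = json.loads(lock_json)
    findings = []
    for tfm, packages in data.get("dependencies", {}).items():
        for name, info in packages.items():
            resolved = info.get("resolved", "")
            lowered = name.lower()
            if lowered == AFFECTED_PACKAGE and resolved in AFFECTED_VERSIONS:
                findings.append((tfm, name, resolved, "malicious release: treat as credential compromise"))
            elif lowered.startswith(RELATED_PREFIX):
                findings.append((tfm, name, resolved, "same publisher set: review"))
    return findings


def scan_egress_logs(lines) -> list:
    """Return (line, indicator_name) for log lines touching the exfiltration endpoint."""
    fanged = {k: refang(v) for k, v in DEFANGED_INDICATORS.items()}
    hits = []
    for line in lines:
        for name, needle in fanged.items():
            if needle in line:
                hits.append((line, name))
                break
    return hits


# Constructed packages.lock.json fragment (shape follows NuGet's lock file format).
SAMPLE_LOCK = json.dumps({
    "version": 1,
    "dependencies": {
        "net8.0": {
            "Sicoob.Sdk": {"type": "Direct", "requested": "[2.0.3, )", "resolved": "2.0.3"},
            "Sicoob-Cooperativa.Sicoob.Pix": {"type": "Direct", "requested": "[1.0.0, )", "resolved": "1.0.0"},
            "System.Text.Json": {"type": "Direct", "requested": "[8.0.0, )", "resolved": "8.0.0"},
        }
    },
})

# Constructed proxy log lines; hosts other than the indicator are placeholders.
SAMPLE_LOGS = [
    "2026-05-06T10:12:03Z build-agent-07 CONNECT api.example-bank.invalid:443 200",
    "2026-05-06T10:12:05Z build-agent-07 CONNECT o4511335034847232.ingest.de.sentry.io:443 200",
    "2026-05-06T10:14:11Z dev-laptop-3 POST /api/4511337546317904/envelope/ sentry_key=d565e3f03d0b1a7c8935d7ff94237316 200",
    "2026-05-06T10:15:00Z build-agent-07 CONNECT api.nuget.org:443 200",
]

if __name__ == "__main__":
    for finding in scan_lock_file(SAMPLE_LOCK):
        print("LOCKFILE", *finding)
    for line, indicator in scan_egress_logs(SAMPLE_LOGS):
        print("EGRESS", indicator, "|", line)
```

Run it against real `packages.lock.json` files and proxy exports in place of the constructed samples. Matching on the ingestion host alone would miss traffic that only surfaces the DSN key or project ID in a request path or header, which is why all three indicators are checked; a hit on any of them on a host that initialized this SDK should be treated as the credential compromise the advice above describes.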
