Malicious NuGet packages exploit loophole in MSBuild integrations


ReversingLabs has linked several hundred malicious packages uploaded to the NuGet package manager since the beginning of August to a malicious campaign that the company Phylum recently found and reported. The most recent findings provide evidence of what appears to be a continuous, well-planned operation.

Additionally, research from ReversingLabs shows how malicious actors continually refine their methods and react to disruptions of their campaigns. Specifically, the threat actors have switched from crude downloaders that ran inside install scripts to a more sophisticated method that takes advantage of NuGet's MSBuild integrations feature.
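For defenders, both techniques mentioned above leave visible traces inside the package archive. The following is an added example, not code from ReversingLabs or Phylum: a small audit that lists the files in a `.nupkg` that can run at install or build time. It assumes the standard NuGet layout (PowerShell scripts under `tools/`, MSBuild `.props`/`.targets` files under `build/`, `buildTransitive/` and `buildMultiTargeting/`); the list of flagged MSBuild elements and the sample package are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# Package folders whose .props/.targets files NuGet wires into the consumer's build.
MSBUILD_DIRS = {"build", "buildtransitive", "buildmultitargeting"}
# Assumed review list: MSBuild elements that run commands or code during a build.
ACTIVE_ELEMENTS = {"exec", "usingtask", "code"}

def active_elements(xml_bytes):
    """List execution-capable elements; unparseable XML is flagged, not skipped."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return ["<unparseable>"]
    tags = {el.tag.rsplit("}", 1)[-1] for el in root.iter()}  # strip XML namespace
    return sorted(t for t in tags if t.lower() in ACTIVE_ELEMENTS)

def audit_nupkg(data):
    """Return one finding per file that can run at install or build time."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            parts = name.lower().split("/")
            if parts[0] == "tools" and parts[-1].endswith(".ps1"):
                findings.append({"file": name, "kind": "install-script", "elements": []})
            elif parts[0] in MSBUILD_DIRS and parts[-1].endswith((".props", ".targets")):
                findings.append({"file": name, "kind": "msbuild-import",
                                 "elements": active_elements(pkg.read(name))})
    return findings

def build_sample():
    """Constructed package: a benign .props file and a .targets file with Exec."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Sample.Pkg.nuspec", "<package/>")
        z.writestr("build/Sample.Pkg.props",
                   "<Project><PropertyGroup><X>1</X></PropertyGroup></Project>")
        z.writestr("build/Sample.Pkg.targets",
                   '<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">'
                   '<Target Name="T"><Exec Command="echo constructed-sample" />'
                   "</Target></Project>")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_nupkg(build_sample()):
        print(finding)
```

A finding with a non-empty `elements` list is a prompt for manual review of that file, not a verdict; many legitimate packages ship MSBuild files.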

