Malicious NuGet packages exploit loophole in MSBuild integrations

ReversingLabs has found links between several hundred malicious packages uploaded to the NuGet package manager since the beginning of August and a malicious campaign that the company Phylum recently found and reported. The most recent findings provide proof of what appears to be a continuous, well-planned operation.

Additionally, research from ReversingLabs demonstrates how malevolent actors are always refining their methods and reacting to campaign disruptions. Threat actors have specifically switched from using crude downloaders that ran inside install scripts to a more sophisticated method that takes advantage of NuGet’s MSBuild integrations capability.

Malicious NuGet packages exploit loophole in MSBuild integrations

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Malicious NuGet packages exploit loophole in MSBuild integrations

31-Oct-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address