A critical new malware threat has been identified targeting financial software developers through a fake NuGet package named Sicoob.Sdk, which closely imitates legitimate developer tools. Researchers from Socket discovered that the malicious package was designed to compromise financial systems, particularly those of Brazil's largest cooperative financial system, Sicoob. The malware aggressively collects sensitive data, including private keys, by executing harmful actions during initial configuration.
Although security scanners flagged the package, the infrastructure behind it was sophisticated and included misleading GitHub repositories set up to deceive developers. Immediate remediation is advised: remove the package, revoke exposed credentials, and monitor access logs to prevent significant financial damage.
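As a starting point for the removal step, the following added example (not code from Socket's report or from this page) scans a source tree for references to the package ID `Sicoob.Sdk` in project files, `packages.config` and `packages.lock.json`, including transitive entries. The function names and the set of file types covered are assumptions made for this example.

```python
import json
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

SUSPECT_ID = "sicoob.sdk"  # ID named in the article; NuGet package IDs are case-insensitive
PROJECT_SUFFIXES = {".csproj", ".fsproj", ".vbproj", ".props", ".targets"}  # example's choice

def xml_hits(path):
    """Yield (id, version) from PackageReference, PackageVersion and <package> elements."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return  # not well-formed XML: skip the file rather than abort the scan
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # old-style project files carry an XML namespace
        if tag in ("PackageReference", "PackageVersion"):
            pid = el.get("Include") or el.get("Update")
            ver = el.get("Version") or el.findtext("{*}Version")
        elif tag == "package":  # packages.config entry
            pid, ver = el.get("id"), el.get("version")
        else:
            continue
        if (pid or "").strip().lower() == SUSPECT_ID:
            yield pid, ver or "unspecified"

def lock_hits(path):
    """Yield (id, 'resolved version (Direct|Transitive)') from packages.lock.json."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (ValueError, OSError):
        return
    for deps in data.get("dependencies", {}).values():
        for pid, info in deps.items():
            if pid.lower() == SUSPECT_ID:
                yield pid, f"{info.get('resolved', '?')} ({info.get('type', '?')})"

def scan(root):
    """Return sorted (relative path, package id, version) for each reference under root."""
    hits = []
    for p in (f for f in Path(root).rglob("*") if f.is_file()):
        name = p.name.lower()
        is_xml = name == "packages.config" or p.suffix.lower() in PROJECT_SUFFIXES
        found = lock_hits(p) if name == "packages.lock.json" else xml_hits(p) if is_xml else ()
        hits += [(p.relative_to(root).as_posix(), pid, ver) for pid, ver in found]
    return sorted(hits)

if __name__ == "__main__":
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit, sep="\t")
```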