Malicious NuGet package steals Sicoob banking credentials
🔍 Security researchers found a malicious NuGet package named Sicoob.Sdk that impersonated a C# SDK for Brazil's Sicoob banking APIs and exfiltrated client IDs and PFX certificates. Versions 2.0.0–2.0.4 encoded PFX files and sent them, along with PFX passwords and client IDs, to a hardcoded third‑party Sentry endpoint while also capturing raw Boleto API responses. The package has been blocked by NuGet after responsible disclosure, and organizations are urged to rotate affected credentials and audit logs.
