All news with #nuget tag

NuGet Packages Deliver Planned Disruptive Time Bombs

⚠️ Researchers found nine NuGet packages published under the developer name shanhai666 that combine legitimate .NET libraries with a small sabotage payload set to trigger between 2027 and 2028. The malicious code uses C# extension methods to intercept database and PLC operations and probabilistically terminate processes or corrupt writes. Socket advises immediate audits, removal from CI/CD pipelines, and verification of package provenance.

Malicious NuGet Packages Contain Delayed Logic Bombs

⚠️ Socket has identified nine malicious NuGet packages published in 2023–2024 by the account "shanhai666" that contain time‑delayed logic bombs intended to sabotage database operations and industrial control systems. The most dangerous, Sharp7Extend, bundles the legitimate Sharp7 PLC library and uses C# extension methods plus an encrypted configuration to trigger probabilistic process terminations (≈20%) and silent PLC write failures (≈80% after 30–90 minutes). Several SQL-related packages are set to activate on staged dates in August 2027 and November 2028, and the packages were collectively downloaded 9,488 times. All nine malicious packages have been removed from NuGet; attribution remains uncertain.

Typosquatted Nethereum NuGet Package Steals Wallet Keys

🔒Security researchers uncovered a NuGet typosquat, Netherеum.All, created to harvest cryptocurrency wallet secrets and exfiltrate them to a hidden command-and-control server. Uploaded on October 16, 2025 by user "nethereumgroup" and removed four days later, the package uses a Cyrillic 'e' homoglyph to impersonate Nethereum and falsely claims 11.7 million downloads to appear legitimate. Socket analysts found an XOR-decoded C2 endpoint (solananetworkinstance[.]info/api/gads) and a payload in EIP70221TransactionService.Shuffle that steals mnemonics, private keys, and keystore files. Developers are advised to verify publisher identity, watch for sudden download surges, and monitor anomalous network traffic before adding dependencies.

AWS Transform for .NET Adds Azure DevOps Repos Support

🔗 AWS Transform for .NET now supports Azure DevOps repositories alongside GitHub, GitLab, and Bitbucket. You can connect Azure DevOps repos directly to AWS Transform to discover, assess, and transform hundreds of repositories in parallel and run unit tests as part of the modernization workflow. Dependencies hosted in Azure Artifacts (NuGet) are resolved automatically during transformation, simplifying migration of .NET Framework applications to Linux-ready, cross-platform .NET while preserving Azure DevOps workflows.