1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Malicious NuGet packages with millions of downloads are targeting

    From TechnologyDaily@1337:1/100 to All on Fri Oct 13 16:15:04 2023
    Malicious NuGet packages with millions of downloads are targeting users everywhere

    Date:
    Fri, 13 Oct 2023 16:01:47 +0000

    Description:
    Multiple typosquatted packages discovered, targeting devs with SeroXen RAT.

    FULL STORY ======================================================================

    Cybersecurity researchers from Phylum recently discovered a malware campaign on the NuGet package manager for the .NET Framework, trying to trick people into infecting their endpoints with a remote access trojan (RAT) called SeroXen.

    The unnamed threat actors updated a malicious package called Pathoschild.Stardew.Mod.Build.Config, a typosquat of a legitimate package
    with a similar name - Pathoschild.Stardew.ModBuildConfig. If run, the package activates a PowerShell script, which downloads a file named x.bin (which is actually a Windows Batch script). This file builds and runs another
    PowerShell script which, ultimately, delivers the SeroXen RAT.

    For typosquatting attacks to work, the victims need to be distracted, burnt out, or plain reckless. In this instance, the attackers went a little further to try and build legitimacy - they artificially inflated the download count. So, while the proper package has some 80,000 downloads, the malicious one has more than 100,000 downloads. That way, even the developers with a little more due diligence done might still be tricked into downloading the wrong package. Off the shelf

    SeroXen is described as off-the-shelf malware, costing $60 for a lifetime bundle. The fileless RAT combines the functions of Quasar RAT, the r77 rootkit, and the Windows command-line tool NirCmd, The Hacker News reports. According to Trend Micros analysis, SeroXen offers a comprehensive list of features, with some standout ones including a Windows Defender-guaranteed bypass for both scan time and runtime; FUD scan time and runtime evasion against most antivirus engines; hidden Virtual Network Computing (hVNC), and full modern Windows support.

    "The discovery of SeroXen RAT in NuGet packages only underscores how
    attackers continue to exploit open-source ecosystems and the developers that use them," Phylum said.

    While the researchers did not elaborate on who the targets might be, they did say that the same account that uploaded SeroXen uploaded six other packages, four of which impersonated libraries for different crypto services.

    Via The Hacker News More from TechRadar Pro Crypto stealers target .NET developers in new campaign Here's a list of the best firewalls today These
    are the best malware removal tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/malicious-nuget-packages-with-millions- of-downloads-are-targeting-users-everywhere


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)