Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords

What Happened

A malicious software package disguised itself as the official developer tool for Sicoob, a major Brazilian financial institution. Software developers who downloaded this package unknowingly exposed their sensitive banking passwords and digital certificates to attackers. This matters because the attackers could use the stolen credentials to impersonate legitimate banking applications and access sensitive financial data or transactions. Organizations should immediately remove the 'Sicoob.Sdk' package, revoke any exposed passwords or certificates, and review their systems for unauthorized banking activity.

Key Takeaways

• A malicious NuGet package named Sicoob.Sdk impersonated the official Sicoob banking SDK to steal authentication material.
• The package exfiltrated client IDs, PFX certificates, PFX passwords, and raw boleto responses to a hardcoded Sentry endpoint.
• Attackers used a clean GitHub repository (Sicoob-Cooperativa) as a facade to hide the malicious exfiltration logic present in the compiled NuGet DLL.
• Google's AI search summaries inadvertently amplified the threat by recommending the malicious package to developers.

Affected Systems

• .NET developers integrating with Sicoob APIs
• CI/CD pipelines and build environments
• Applications using the Sicoob.Sdk NuGet package (versions 2.0.0 through 2.0.4)

Attack Chain

The attack begins when a developer installs the malicious Sicoob.Sdk NuGet package, believing it to be the official Sicoob banking SDK. Upon instantiating the SicoobClient with a client ID, PFX certificate path, and password, the malicious DLL reads the PFX file from disk. It then base64-encodes the certificate contents and transmits the client ID, plaintext password, and encoded certificate to a hardcoded third-party Sentry telemetry endpoint. The package also intercepts and exfiltrates raw boleto API responses containing sensitive transaction data to the same endpoint.

Detection Availability

• YARA Rules: No
• Sigma Rules: No
• Snort/Suricata Rules: No
• KQL Queries: No
• Splunk SPL Queries: No
• EQL Queries: No
• Other Detection Logic: No
• Platforms: Socket AI Scanner

The article notes that Socket AI Scanner detects the package as known malware based on credential harvesting behavior, but no specific query logic or rules are provided.

Detection Engineering Assessment

EDR Visibility: Medium — EDR solutions can monitor network connections made by .NET applications to unexpected domains, but the exfiltration happens in memory during SDK initialization, which might blend in with normal application telemetry. Network Visibility: High — The exfiltration relies on outbound HTTPS connections to a specific, hardcoded Sentry ingestion host, which can be detected via DNS logs, proxy logs, or firewall telemetry. Detection Difficulty: Moderate — While the network indicator is highly specific, the malicious behavior is embedded within a seemingly legitimate SDK, making host-level behavioral detection difficult without deep inspection of the .NET assembly or network traffic.

Required Log Sources

• DNS Query Logs
• Proxy Logs
• Firewall Logs
• Process Network Connections

Hunting Hypotheses

Hypothesis	Telemetry	ATT&CK Stage	FP Risk
Consider hunting for unexpected outbound network connections from internal applications or CI/CD build runners to the specific Sentry ingestion host o4511335034847232.ingest.de.sentry.io.	DNS Query Logs, Proxy Logs, Firewall Logs	Exfiltration	Low
Evaluate whether build pipelines or developer workstations are resolving the Sentry ingestion domain associated with this campaign, which may indicate execution of the malicious SDK.	EDR Network Events, DNS Logs	Execution	Low

Control Gaps

• Lack of strict egress filtering on CI/CD build runners
• Implicit trust of third-party packages in developer environments

Key Behavioral Indicators

• Outbound connections to o4511335034847232.ingest.de.sentry.io from .NET application processes
• Presence of Sicoob.Sdk in project dependency files (.csproj, packages.config)

False Positive Assessment

• Low

Recommendations

Immediate Mitigation

• Verify against your organization's incident response runbook and team escalation paths before acting.
• Consider immediately removing the Sicoob.Sdk package (versions 2.0.0 through 2.0.4) from all projects, developer workstations, and CI/CD pipelines.
• If the package was used with real credentials, evaluate revoking and replacing exposed PFX certificates, rotating PFX passwords, and disabling affected client IDs.
• Consider reviewing Sicoob authentication and API logs for unusual token issuance, Pix activity, or unauthorized data retrieval.

Infrastructure Hardening

• Evaluate implementing strict egress network filtering for CI/CD build runners to prevent unauthorized exfiltration to unapproved telemetry or C2 endpoints.
• Consider blocking the identified Sentry ingestion host (o4511335034847232.ingest.de.sentry.io) at the DNS, proxy, and firewall levels.

User Protection

• If applicable, consider utilizing software composition analysis (SCA) tools to detect and block known malicious or highly suspicious open-source packages before they are downloaded by developers.

Security Awareness

• Consider training developers on the risks of supply chain attacks, emphasizing the importance of verifying the authenticity of official SDKs and publisher profiles.
• Evaluate incorporating checks for source-to-package mismatches into your secure development lifecycle training.

MITRE ATT&CK Mapping

• T1195.002 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools
• T1204.005 - User Execution: Malicious Library
• T1036.005 - Masquerading: Match Legitimate Resource Name or Location
• T1552.001 - Unsecured Credentials: Credentials in Files
• T1005 - Data from Local System
• T1041 - Exfiltration Over C2 Channel
• T1071.001 - Application Layer Protocol: Web Protocols

Additional IOCs

• Domains:
  • o4511335034847232[.]ingest[.]de[.]sentry[.]io - Sentry ingestion host used for exfiltration
• Urls:
  • hxxps://d565e3f03d0b1a7c8935d7ff94237316@o4511335034847232[.]ingest[.]de[.]sentry[.]io/4511337546317904 - Sentry DSN endpoint for exfiltration
  • hxxps://github[.]com/Sicoob-Cooperativa - Unauthorized GitHub organization impersonating Sicoob
  • hxxps://github[.]com/joaobcdev - GitHub account associated with the malicious package
  • hxxps://www[.]nuget[.]org/profiles/sicoob - Malicious NuGet publisher profile
• File Paths:
  • lib/net8.0/Sicoob.Sdk.dll - Path to the malicious DLL within the NuGet package containing the exfiltration logic
• Other:
  • Sicoob.Sdk - Malicious NuGet package (versions 2.0.0 through 2.0.4)
  • Sicoob-Cooperativa.Sicoob.Auth - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.CobrancaV3 - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.ContaCorrente - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.ConvenioPagamentos - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.Investimentos - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.OpenFinance - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.PagamentosPix - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.PagamentosV3 - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.Pix - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.Poupanca - Related untrusted NuGet package
  • Sicoob-Cooperativa.Sicoob.SpbTransferencias - Related untrusted NuGet package