The Package That Opens the Vault
- Javier Conejo del Cerro
- Jun 1

Software supply chain attacks continue to evolve at an alarming pace. What began as simple typosquatting campaigns has transformed into a sophisticated ecosystem of malicious packages, dependency confusion attacks, credential harvesters, and banking-focused malware designed to infiltrate developer environments and compromise organizations from the inside out.
The latest discoveries reveal a dual-front campaign targeting both financial institutions and software development pipelines. A malicious NuGet package impersonating a legitimate SDK for Brazil’s Sicoob banking platform was found stealing authentication material used for banking operations, while multiple npm campaigns targeted cloud credentials, CI/CD secrets, and developer environments. Together, these incidents highlight a growing trend: attackers are no longer simply exploiting software; they are exploiting trust itself.
Phase 1: Manufacturing Legitimacy
The attack begins with carefully crafted packages designed to appear legitimate.
One of the most notable examples is “Sicoob.Sdk,” a NuGet package masquerading as an official SDK for Sicoob, one of Brazil’s largest cooperative banking systems. To developers searching for tools to integrate banking services, the package appeared authentic, complete with supporting repositories and documentation.
The operation became even more convincing when Google Search AI Mode surfaced the package as a legitimate library recommendation. This amplified visibility and increased the likelihood that unsuspecting developers would install it.
Meanwhile, npm attackers published packages with names resembling common DevOps, OpenSearch, Elasticsearch, and configuration-management tools. Rather than relying on obvious misspellings, the attackers adopted a more sophisticated approach: creating names that looked entirely plausible within modern development workflows.
Phase 2: Installation Becomes Compromise
Once installed, the malicious packages immediately began collecting sensitive information.
The Sicoob SDK was specifically designed to intercept banking authentication materials. Whenever developers initialized the library using legitimate credentials, the package silently collected client identifiers, PFX certificates, certificate passwords, and banking API data before transmitting the information to attacker-controlled infrastructure.
The npm campaigns used a variety of techniques including:
- Preinstall hooks
- Dependency confusion
- Obfuscated JavaScript droppers
- Environment variable harvesting
- Lifecycle script abuse
These mechanisms ensured execution before developers had any opportunity to inspect the package behavior.
The installation process itself became the attack vector.
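Because these hooks run during installation, one defensive check is to list every install-time lifecycle script declared anywhere in the dependency tree and review it. The following is an added example, not code from the original article or from any of the campaigns it describes; the package names and the sample tree are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Scripts npm runs automatically while installing a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Package folders directly under one node_modules directory (scoped ones included).
function packageDirs(nodeModules) {
  if (!fs.existsSync(nodeModules)) return [];
  return fs.readdirSync(nodeModules, { withFileTypes: true })
    .filter((e) => e.isDirectory() && !e.name.startsWith("."))
    .flatMap((e) => {
      const full = path.join(nodeModules, e.name);
      return e.name.startsWith("@") ? packageDirs(full) : [full];
    });
}

// Recursively collect every declared install-time hook, nested dependencies included.
function auditInstallHooks(nodeModules) {
  const findings = [];
  for (const dir of packageDirs(nodeModules)) {
    const manifestPath = path.join(dir, "package.json");
    if (fs.existsSync(manifestPath)) {
      const manifest = JSON.parse(fs.readFileSync(manifestPath, "utf8"));
      for (const hook of INSTALL_HOOKS) {
        const command = manifest.scripts && manifest.scripts[hook];
        if (command) findings.push({ name: manifest.name || path.basename(dir), hook, command });
      }
    }
    findings.push(...auditInstallHooks(path.join(dir, "node_modules")));
  }
  return findings.sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Constructed sample tree (all names made up): a clean package, a scoped one with a hook, a nested one with a hook.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "hook-audit-"));
  const put = (rel, manifest) => {
    const dir = path.join(root, "node_modules", rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, "package.json"), JSON.stringify(manifest));
  };
  put("example-clean-lib", { name: "example-clean-lib", scripts: { test: "node t.js" } });
  put("@example/build-helper", { name: "@example/build-helper", scripts: { preinstall: "node setup.js" } });
  put("example-clean-lib/node_modules/example-nested", { name: "example-nested", scripts: { postinstall: "node index.js" } });
  return path.join(root, "node_modules");
}
console.log(auditInstallHooks(buildSampleTree()));
```

Installing with `npm install --ignore-scripts` first and running the audit on the resulting `node_modules` lets the hooks be reviewed before any of them executes.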
Phase 3: Harvesting the Keys to the Kingdom
The attackers focused on collecting the most valuable assets within development environments.
Targets included:
- AWS credentials
- HashiCorp Vault tokens
- GitHub tokens
- npm authentication tokens
- CI/CD secrets
- Environment variables
- Cloud access credentials
- Internal configuration files
- Banking certificates
- Client identifiers
The Sicoob campaign was particularly dangerous because possession of valid PFX certificates could allow attackers to impersonate legitimate banking integrations.
In many environments, these credentials provide direct access to production infrastructure, cloud platforms, financial systems, and customer data repositories.
Phase 4: Reconnaissance Before Exploitation
A notable aspect of several npm campaigns was their emphasis on reconnaissance.
Rather than immediately deploying destructive payloads, the malware gathered information about:
- Hostnames
- Operating systems
- Development environments
- Installed software
- Cloud environments
- CI/CD runners
- User context
Researchers observed the use of a “RECON_ONLY” mode that enabled attackers to silently map target environments before deciding whether further exploitation was worthwhile.
This staged approach significantly reduces detection while allowing threat actors to prioritize high-value targets.
Phase 5: The New Era of Supply Chain Abuse
The attacks illustrate a fundamental evolution in supply chain threats.
Traditional typosquatting relied on users accidentally installing misspelled package names. Modern campaigns instead focus on what researchers describe as “manufactured legitimacy.”
Attackers now:
- Create believable package names
- Mimic real workflows
- Abuse dependency resolution mechanisms
- Exploit automated CI/CD systems
- Leverage trusted registries
- Target developer productivity tools
The goal is no longer simply infection. It is integration into legitimate software development processes.
This trend has been amplified by groups such as TeamPCP, whose campaigns have demonstrated how one compromised dependency can trigger downstream compromises across multiple organizations.
Victims
The primary victims include software developers, DevOps engineers, cloud administrators, financial institutions, fintech providers, and organizations operating CI/CD environments. Businesses integrating banking APIs face additional risk because stolen certificates and authentication materials may allow attackers to impersonate legitimate financial services.
Indirectly, customers and end users may also be impacted if compromised credentials provide access to production environments, payment systems, or sensitive financial data.
Breach Method & Stolen Data
The entry vector relied on malicious packages distributed through trusted software registries such as NuGet and npm. Attackers abused dependency confusion, lifecycle hooks, brand impersonation, and realistic package naming conventions to persuade developers to install malicious software.
Once executed, the malware harvested PFX certificates, banking credentials, client identifiers, API responses, AWS credentials, Vault tokens, npm tokens, CI/CD secrets, GitHub tokens, environment variables, cloud authentication material, and developer environment information. Several campaigns also performed system reconnaissance to prepare for future exploitation.
Measures to Fend Off the Attack
- Verify package maintainers and publishers before installation.
- Restrict dependency sources through approved registries.
- Monitor npm lifecycle hooks and installation scripts.
- Enforce software composition analysis (SCA).
- Implement package allowlisting policies.
- Rotate compromised certificates and credentials immediately.
- Enable MFA wherever supported.
- Monitor CI/CD pipelines for unauthorized activity.
- Review dependency updates before deployment.
- Scan environments for exposed secrets and authentication material.
- Adopt Trusted Publishing and signed package verification.
- Continuously monitor software supply chain risks.
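Restricting dependency sources can be enforced in CI by checking where each locked package was actually resolved from. The following is an added example, not code from the original article; it assumes an npm `package-lock.json` in the lockfileVersion 2/3 layout and a hypothetical internal registry at `registry.internal.example`, and the lockfile excerpt is constructed.

```javascript
// Origins dependencies may be fetched from (assumed internal registry name).
const APPROVED_ORIGINS = new Set(["https://registry.internal.example"]);

// Origin of a lockfile "resolved" value, or null when it is not a parseable URL.
function originOf(resolved) {
  try { return new URL(resolved).origin; } catch { return null; }
}

// Flag locked packages fetched from an unapproved source or lacking an integrity hash.
function checkLockfile(lock, approved = APPROVED_ORIGINS) {
  const violations = [];
  const marker = "node_modules/";
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (!key.includes(marker) || entry.link || entry.inBundle) continue; // root, workspaces, bundled deps
    const name = key.slice(key.lastIndexOf(marker) + marker.length);
    const origin = entry.resolved ? originOf(entry.resolved) : null;
    if (!approved.has(origin)) {
      violations.push({ name, reason: "unapproved source", source: entry.resolved || "(none)" });
    } else if (!entry.integrity) {
      violations.push({ name, reason: "missing integrity hash", source: entry.resolved });
    }
  }
  return violations;
}

// Constructed lockfile excerpt; package names, URLs and hashes are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/@example/config": {
      resolved: "https://registry.internal.example/@example/config/-/config-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/@example/internal-auth": {
      resolved: "https://registry.npmjs.org/@example/internal-auth/-/internal-auth-99.0.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/example-util": {
      resolved: "https://registry.internal.example/example-util/-/example-util-1.4.2.tgz",
    },
    "node_modules/example-util/node_modules/example-git-dep": {
      resolved: "git+ssh://git@git.example/example/git-dep.git#0000000",
    },
  },
};

console.log(checkLockfile(sampleLock));
```

An internally scoped name resolved from a public registry, as in the second sample entry, is the pattern a dependency confusion attack produces, so a build should fail on any violation.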
Conclusion
The latest NuGet and npm campaigns demonstrate that software supply chain attacks have entered a new phase. Attackers are no longer relying on obvious tricks or simple typosquatting schemes. Instead, they are building convincing ecosystems of seemingly legitimate tools designed to blend naturally into everyday development workflows.
For organizations, the challenge is no longer identifying malicious software after installation. The challenge is recognizing when an apparently legitimate dependency has already become an attacker’s foothold into the enterprise. As developer ecosystems continue to expand, trust itself is becoming one of the most targeted assets in cybersecurity.
The Hacker News



