Sicoob NuGet Package Steals Banking Credentials
A malicious Sicoob NuGet package is stealing banking credentials while npm packages target cloud secrets. Here's what developers need to check right now.
Attackers are hiding credential-stealing code inside legitimate-looking NuGet packages, and the latest confirmed case targets Sicoob, a major Brazilian banking cooperative. The malicious Sicoob NuGet package was designed to silently harvest banking credentials from developer machines and CI/CD pipelines, blending in with trusted financial tooling. Simultaneously, a separate wave of malicious npm packages is targeting cloud secrets, specifically environment variables, API keys, and tokens used by AWS, Azure, and GCP workloads.
These are not isolated incidents. They represent an accelerating pattern of supply chain attacks where the package registry itself becomes the attack vector.
How the Malicious Sicoob NuGet Package Works
The package impersonates a legitimate Sicoob SDK or integration library. Once installed, it executes code during the build or restore phase, before most developers would notice anything unusual. The payload reads stored credentials, browser session data, and environment variables, then exfiltrates them to an attacker-controlled endpoint.
NuGet's package restore process runs with the same privileges as the developer or build agent. That means no elevation is required. On a misconfigured CI runner with cloud credentials in environment variables, the blast radius extends well beyond banking credentials.
The npm Side: Cloud Secrets Are the Target
The companion npm campaign takes a slightly different approach. Packages published with names that typosquat popular cloud SDKs (think subtle misspellings of aws-sdk or @azure/identity) execute postinstall scripts that scrape process.env and forward the contents outbound. Cloud provider credentials sitting in .env files or shell profiles are particularly exposed.
Postinstall hooks in npm run automatically. Most developers don't audit them. Attackers know this.
What's Actually at Risk for Development Teams
The direct risk is obvious: stolen banking credentials and compromised cloud accounts. But the downstream consequences deserve equal attention.
A compromised cloud account can mean unrestricted access to production databases, object storage, and internal APIs. Stolen CI/CD credentials can let attackers push backdoored builds directly to production. In financial services environments using Sicoob integrations, the exposure extends to customer account data and transaction systems.
Developers working in monorepos or shared environments are at higher risk. One poisoned package in a shared packages/ directory can affect every service that inherits that dependency tree.
How to Detect and Protect Against These Attacks
Start with a dependency audit. Run dotnet list package and npm ls to inventory what's actually installed. Cross-reference package names against the official Sicoob developer documentation and known-good checksums.
Specific steps worth doing now:
- Verify publisher identity on NuGet.org before installing any financial or banking-related package. Check publication date, download count, and whether the account is verified.
- Audit postinstall scripts in npm packages. Use npm pack to inspect what's in a package before installing it in a sensitive environment.
- Rotate credentials immediately if you've installed either package type in the last 90 days on a machine with cloud or banking access.
- Restrict outbound network access from CI/CD runners. Build agents rarely need to make arbitrary external HTTP calls.
- Enable lockfiles (package-lock.json, packages.lock.json) and commit them to source control to prevent silent upgrades to compromised versions.
Automated scanning catches a portion of this, but behavioral monitoring of what packages actually do at install time is where most teams have gaps. Check out the open source supply chain security guide for a fuller treatment of lockfile strategies and registry mirroring.
You can also scan your web application for exposed secrets and misconfigured endpoints that could compound a supply chain compromise.
FAQ
How do I know if I already installed the malicious Sicoob NuGet package?
Check your NuGet package cache and project .csproj files for any Sicoob-related package you didn't explicitly add. Compare the package ID and version against official Sicoob documentation. If in doubt, wipe the cache with dotnet nuget locals all --clear and audit outbound network logs for unexpected connections.
Can these attacks affect Docker-based build environments?
Yes. If your Dockerfile runs dotnet restore or npm install without pinned lockfiles, the malicious package can execute inside the container during the image build step, where secrets are often present as build arguments or environment variables.
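The weak and hardened forms of the image build step side by side, as an added example that is not from the article. Stage names, base images and the secret id are placeholders; the only flags used are npm ci's --ignore-scripts, dotnet restore's --locked-mode and BuildKit's --mount=type=secret, all of which exist as shown.

```dockerfile
# syntax=docker/dockerfile:1
# Added example (not from the article): weak vs. hardened dependency restore.

# --- Weak: floating resolution, lifecycle scripts run, secret present in env ---
FROM node:20 AS weak
# A build ARG copied into ENV is readable by any postinstall script that
# dumps process.env, and it persists in the image's layer history.
ARG NPM_TOKEN
ENV NPM_TOKEN=$NPM_TOKEN
COPY package.json .
# No lockfile pinned and install hooks execute with the token in scope.
RUN npm install

# --- Hardened npm stage: lockfile enforced, install scripts disabled, secret mounted ---
FROM node:20 AS hardened-node
COPY package.json package-lock.json ./
# npm ci fails if package-lock.json is missing or disagrees with package.json.
# --ignore-scripts prevents preinstall/install/postinstall hooks from running.
# The registry credential is mounted only for this step and never stored in a layer.
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc \
    npm ci --ignore-scripts

# --- Hardened NuGet stage: restore refuses to drift from packages.lock.json ---
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS hardened-dotnet
COPY *.csproj packages.lock.json ./
# --locked-mode fails the build if the resolved graph differs from the lock file.
RUN dotnet restore --locked-mode
```

Two caveats: --ignore-scripts also skips legitimate install hooks such as native addon builds, so packages that need them must be rebuilt deliberately after the audited install; and --locked-mode needs an existing packages.lock.json, generated once with dotnet restore --use-lock-file and committed alongside the project.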
What's the fastest way to audit npm postinstall scripts across a large codebase?
Run npm audit as a baseline, then use a tool like npq or manually inspect node_modules/.package-lock.json for any scripts.postinstall entries in packages you don't own. Flag anything making network calls.
Your dependencies are part of your attack surface. Run a free scan on your application at VibeWShield to identify exposed secrets and vulnerable endpoints before attackers do.