Fake Nethereum NuGet Package Used in Supply Chain Attack

Source: The Hacker News

Cybersecurity researchers have exposed a supply chain attack that abuses the NuGet package manager through malicious typosquats of Nethereum, a popular Ethereum .NET integration platform. Packages such as Netherеum.All impersonate it and were found to include functionality that decodes command-and-control (C2) endpoints and exfiltrates sensitive information such as mnemonic phrases and private keys.

Such malicious packages pose severe risks to unsuspecting developers and users who rely on legitimate package sources to manage their dependencies. Given the increasing number of similar threats, robust security measures and vigilant monitoring of software dependencies are more critical than ever to safeguard cryptocurrency assets against unauthorized access and theft.
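A typosquat of this kind can hide in a single look-alike character, which a dependency audit can catch before restore. The sketch below is an added example, not code from the article or from the Nethereum project: it scans the `PackageReference` entries of a project file for non-ASCII characters and for ids that fold to a trusted name. The trusted-root set, the confusables table and the sample project are assumptions constructed for illustration.

```python
import unicodedata
import xml.etree.ElementTree as ET

# Look-alikes of Latin letters (Cyrillic, Greek). Illustrative, not exhaustive.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s",
    "\u03b1": "a", "\u03bf": "o"}

def skeleton(name):
    """NFKC-normalise, lower-case, and fold known look-alikes to ASCII."""
    folded = unicodedata.normalize("NFKC", name).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def audit_package_id(pkg_id, trusted_roots):
    """Return findings for one package id; an empty list means nothing flagged."""
    findings = [
        f"non-ASCII U+{ord(ch):04X} {unicodedata.name(ch, 'UNKNOWN')}"
        for ch in pkg_id if ord(ch) > 127
    ]
    # Only ids containing non-ASCII are compared, so the genuine package passes.
    root = skeleton(pkg_id).split(".")[0]
    if findings and root in trusted_roots:
        findings.append(f"look-alike of trusted root '{root}'")
    return findings

def audit_csproj(xml_text, trusted_roots):
    """Map each flagged PackageReference id in a .csproj to its findings."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] == "PackageReference":  # ignore XML namespace
            findings = audit_package_id(el.get("Include", ""), trusted_roots)
            if findings:
                report[el.get("Include")] = findings
    return report

# Constructed sample project; versions are placeholders. The second id uses
# Cyrillic U+0435 in place of Latin "e".
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Nethereum.Web3" Version="0.0.0" />
    <PackageReference Include="Nether\u0435um.All" Version="0.0.0" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for pkg, notes in audit_csproj(SAMPLE_CSPROJ, {"nethereum"}).items():
        print(ascii(pkg), notes)
```

Run as a CI step, a non-empty report is a reason to fail the build and inspect the flagged id by hand; the check does not cover ASCII-only typosquats.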
