NuGet Attacked: SeroXen RAT Hits Thousands of Projects

As part of an ongoing malicious campaign that began in August 2023, attackers are now publishing new malicious packages to the NuGet package manager, adding a new layer of stealth to evade detection.

About 60 malicious packages spanning 290 versions have been identified. According to the software security company ReversingLabs, they show a more sophisticated approach than the packages discovered in October 2023.

Researchers have observed a shift in the attackers’ tactics, from using MSBuild integrations to a strategy built on simple yet deceptive bootloaders that are embedded into legitimate PE (Portable Executable) files using Intermediate Language (IL) Weaving. This programming technique involves various essential components of the .NET platform, such as the .NET runtime, libraries, and programming-language compilers.

.NET is a popular framework used for developing a wide range of applications, including desktop, web, and mobile applications, as well as games and web server services.
