"Malicious Package Campaign on NuGet Abuses MSBuild Integrations"

Threat actors are always finding new ways to deploy malicious packages on public registries for programming languages. They want to execute malware code when those packages are imported and used in projects. In an attack campaign that was recently identified on NuGet Gallery, the repository for .NET packages, malicious actors use the inline tasks feature of the MSBuild code building tool to execute malicious code. Researchers from the security company ReversingLabs say this is the first known example of malware published to the NuGet repository that exploits the inline tasks feature to execute malware. This article continues to discuss attackers exploiting a known security risk in the popular MSBuild feature to place hard-to-detect malicious files in the .NET repository.

CSO Online reports "Malicious Package Campaign on NuGet Abuses MSBuild Integrations"

Submitted by grigby1

Submitted by grigby1 CPVI on