SecurityWeek reports that malicious NuGet packages are being leveraged in a new attack aimed at .NET developers.
The malicious packages have been downloaded almost 150,000 times. The most popular, Coinbase.Core, had more than 120,000 downloads before its removal from the NuGet repository, according to a JFrog report, which noted the attackers' use of typosquatting to lure downloads.
Researchers discovered that the packages contained a PowerShell script that facilitated the retrieval of a second payload, a Windows executable file, with capabilities for cryptocurrency theft, extraction and execution of code from Electron archives, and deployment of an updater executable.
"The top three packages were downloaded an incredible amount of times; this could be an indicator that the attack was highly successful, infecting a large amount of machines. However, this is not a fully reliable indicator of the attack's success since the attackers could have automatically inflated the download count (with bots) to make the packages seem more legitimate," said JFrog.