Nearly 60 new malicious packages have been uploaded to the NuGet package manager to deploy the SeroXen RAT in a supply chain attack that has been underway since last August, The Hacker News reports.
All of the packages, which have already been removed, employed Intermediary Language Weaving to insert malicious code within a Portable Executable .NET binary linked to NuGet packages, including the widely used Guna.UI2.WinForms package, according to a ReversingLabs report. Further examination revealed the utilization of IL weaving to establish a fraudulent package that exploited homoglyphs for certain letters, indicating the adoption of ever-evolving techniques to enable sensitive data and IT asset compromise, noted ReversingLabs security researcher Karlo Zanki. "This latest campaign highlights new ways in which malicious actors are scheming to fool developers as well as security teams into downloading and using malicious or tampered with packages from popular open source package managers like NuGet," wrote Zanki.
