A fraudulent NuGet package posing as an official Sicoob software development kit (SDK) has been found exfiltrating banking API credentials: client IDs, mTLS client certificates, and the passwords protecting them. The discovery has renewed concern about software supply chain security in the financial sector.
Deceptive SDK Targets Brazilian Banking APIs
The package, named "Sicoob.Sdk", targeted developers integrating with Brazil's Sicoob banking APIs. It silently harvested authentication credentials during normal SDK initialization.
The package appeared on NuGet in early May 2026 and published five versions, 2.0.0 through 2.0.4, before it was removed. It presented itself as a .NET 8 SDK that handled authentication, mutual TLS (mTLS), and API communication with Sicoob systems.
Hidden Data Exfiltration Mechanism
The package made an attractive lure because Sicoob has a large user base in Brazil, so developers building financial applications had reason to look for exactly such an SDK. Analysis, however, revealed built-in data exfiltration.
The malicious package accumulated 484 downloads across its versions. When the SDK client was instantiated with a client ID, a PFX certificate file, and the certificate password, it read and encoded the certificate and sent it, together with the plaintext password and client ID, to a Sentry endpoint. Those three items are everything an attacker needs to present the victim's client certificate to an mTLS-protected API.
Exploiting Trusted Telemetry Platforms
Notably, the attack used legitimate telemetry infrastructure. Rather than a purpose-built command-and-control server, the SDK abused Sentry, a reputable error-monitoring platform, to carry the stolen data, so the outbound traffic looked like ordinary application telemetry. An egress policy that simply permits Sentry's ingest hosts would not have stopped it; the distinguishing detail is that the DSN belonged to the attacker's Sentry project, not the victim's.
Static and dynamic analysis confirmed that the exfiltration ran during normal SDK initialization. A hardcoded Sentry configuration sent the captured credentials as telemetry messages, and in some cases financial transaction data such as boleto payment responses was sent as well.
Indicators of a Supply Chain Spoofing Attack
Several trust red flags were evident: the public GitHub repository linked from the package had no stars, no releases, and no established activity. The mismatch between the clean-looking source on GitHub and the behaviour of the published binary pointed to a deliberate supply chain attack, with the repository serving as cover for a tampered build on NuGet. Reviewing the repository alone is not enough; what executes is the compiled assembly shipped inside the .nupkg.
The problem was not confined to a single package. The same publisher account hosted numerous Sicoob-branded packages, all claiming to be official. Although only the main SDK showed confirmed malicious behaviour, every package from that account should be treated as untrustworthy because of its shared origin.
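As an added example (not code from the original report or from the researchers behind it), the Python script below performs the two checks the last two sections imply: it scans every file inside a .nupkg for a hardcoded Sentry-style DSN, including string literals that a .NET compiler stores as UTF-16LE and that an ASCII grep would miss, and it flags a brand-prefixed package id whose linked repository is not owned by an allowlisted organisation. The fixture package, the DSN, the publisher name and the allowlist are all constructed placeholders; none of it is Sicoob's real data or the real Sicoob.Sdk package.

```python
"""Triage a .nupkg for hardcoded telemetry egress and a brand/publisher mismatch.

Added example, not code from the original report; the fixture below is
constructed and is NOT the real Sicoob.Sdk package."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Sentry-style DSN: https://<public_key>[:<secret>]@<ingest host>[:port]/<project_id>
DSN_RE = re.compile(r"https?://[A-Za-z0-9]+(?::[A-Za-z0-9]+)?@[A-Za-z0-9.\-]+(?::\d+)?/\d+")

# Assumed allowlist for the brand check: GitHub orgs a brand prefix may legitimately
# publish from. Placeholder values, not Sicoob's real organisations.
OFFICIAL_ORGS = {"Example.Bank.": {"example-bank-official"}}


def text_views(blob: bytes):
    """Yield the raw bytes as text plus both UTF-16LE alignments: .NET keeps string
    literals in the assembly's #US heap as UTF-16LE, so an ASCII-only grep misses them."""
    yield blob.decode("latin-1")
    for offset in (0, 1):
        yield blob[offset:].decode("utf-16-le", errors="ignore")


def find_dsns(blob: bytes) -> set[str]:
    """Return every DSN-shaped URL found in any text view of the blob."""
    hits: set[str] = set()
    for text in text_views(blob):
        hits.update(DSN_RE.findall(text))
    return hits


def parse_nuspec(blob: bytes) -> dict:
    """Pull id, authors and repository URL; the namespace is versioned, so match local names."""
    meta: dict = {}
    for el in ET.fromstring(blob).iter():
        tag = el.tag.rsplit("}", 1)[-1]
        if tag in ("id", "authors"):
            meta[tag] = (el.text or "").strip()
        elif tag == "repository":
            meta["repository"] = el.get("url", "")
    return meta


def scan_nupkg(data: bytes) -> dict:
    """Walk the package (a zip) and collect metadata plus per-file DSN hits."""
    report: dict = {"id": "", "authors": "", "repository": "", "dsns": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.endswith(".nuspec"):
                report.update(parse_nuspec(blob))
            hits = find_dsns(blob)
            if hits:
                report["dsns"][name] = sorted(hits)
    return report


def assess(report: dict) -> list[str]:
    """Findings: any hardcoded DSN, and a branded id whose repo org is not allowlisted."""
    findings = [f"hardcoded telemetry DSN in {name}: {dsn}"
                for name, dsns in report["dsns"].items() for dsn in dsns]
    for prefix, orgs in OFFICIAL_ORGS.items():
        if report["id"].startswith(prefix):
            m = re.match(r"https://github\.com/([^/]+)/", report["repository"])
            org = m.group(1) if m else ""
            if org not in orgs:
                findings.append(f"{report['id']} uses brand prefix {prefix!r} "
                                f"but its repository org is {org!r}")
    return findings


def build_sample_nupkg() -> bytes:
    """Constructed fixture: a nuspec plus a fake 'assembly' carrying a UTF-16LE DSN
    at an odd byte offset, roughly where a compiled string literal could sit."""
    nuspec = (
        '<?xml version="1.0"?>\n'
        '<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">\n'
        "  <metadata>\n"
        "    <id>Example.Bank.Sdk</id>\n"
        "    <version>2.0.0</version>\n"
        "    <authors>random-publisher</authors>\n"
        "    <description>Constructed fixture, not a real package</description>\n"
        '    <repository type="git" url="https://github.com/random-publisher/example-bank-sdk" />\n'
        "  </metadata>\n"
        "</package>\n"
    )
    fake_dsn = "https://0123456789abcdef@o000000.ingest.sentry.io/0000000"  # fake value
    fake_dll = b"MZ" + b"\x00" * 65 + fake_dsn.encode("utf-16-le") + b"\x00" * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Example.Bank.Sdk.nuspec", nuspec)
        zf.writestr("lib/net8.0/Example.Bank.Sdk.dll", fake_dll)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in assess(scan_nupkg(build_sample_nupkg())):
        print(finding)
```

Against a real download, call `scan_nupkg(open("pkg.nupkg", "rb").read())`. A DSN hit is not proof of malice by itself, since many libraries do report errors to Sentry, but a banking SDK that ships a telemetry project key you do not own deserves a close look at what it sends there. The scan only finds literal DSNs; a DSN assembled at runtime or obfuscated in the binary would need dynamic analysis of the outbound traffic, which is how the original researchers confirmed the behaviour.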
Potential Impacts and Remediation Efforts
The consequences could be severe. With the stolen client ID, certificate, and password, an attacker can authenticate to the banking APIs as the victim, retrieve account data, initiate transactions, or abuse payment rails such as Pix and boleto. CI/CD pipelines and production environments are at particular risk because that is where real, rather than sandbox, credentials are typically configured.
Security researchers reported the issue to NuGet, Sentry, and Sicoob, which led to swift remediation, including removal of the packages. Affected organizations should treat every client ID, certificate, and password ever passed to the SDK as compromised: rotate the credentials, revoke and reissue the certificates, and review API activity for access they did not initiate.
This incident underscores the escalating complexity of software supply chain attacks, particularly in financial services, where trusted developer tools can become potent vectors for credential theft.
