A new supply-chain threat has surfaced in the NuGet ecosystem: malicious packages disguised as legitimate software libraries, aimed at developers. Once pulled into a project, the packages steal sensitive information, including browser credentials, SSH keys, and cryptocurrency wallet data.
Stealthy Attack Strategies
The attackers bundled their malicious code with genuine software libraries commonly used in Chinese enterprise environments, so the packages still deliver the functionality a developer expects. Because they pose as established tools such as AntdUI, a popular WinForms component library, a developer who only checks that the library works sees nothing amiss, and the packages spread widely.
Security researchers at Socket.dev identified five such malicious packages published from a single NuGet account, bmrxntfj. Together they reached approximately 64,784 downloads, putting numerous developer systems at risk. The campaign dates back to September 2025 and remains active: the malicious packages are still available for download.
Techniques for Persistence
The attackers kept the packages available by rotating versions: of the 224 versions published, 219 were unlisted. Unlisting hides a version from search results, but on NuGet an unlisted version can still be restored by anyone who references it by exact version, so the hidden versions remained usable. Because the set of visible versions kept changing, blocklists keyed to specific versions went stale quickly, which is what made the campaign so resilient.
Any system that restored one of these package IDs at any point since the campaign began in September 2025 should be treated as potentially compromised. That long window of exposure is what makes the campaign a serious software-supply-chain risk.
Details of the Attack
The payload lives in a .NET module initializer, so it runs automatically as soon as the assembly is loaded, before any of the library's own code is called and without any action by the user beyond referencing the package. Once running, it hooks the .NET JIT compiler, which gives it control over methods as they are compiled. It then drops a secondary infostealer, we4ftg.exe, which collects credentials, cookies, and payment information from 12 browsers, including Chrome and Firefox.
The malware also targets cryptocurrency wallets such as MetaMask and Trust Wallet, among others, as well as SSH keys and other sensitive files. The stolen data is staged in a directory named to resemble Microsoft's OneDrive folder before being sent to a command-and-control server.
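The scan below is an added example written for this article, not code from the Socket report or from the packages it describes. It checks every managed assembly under a directory for a module initializer. The C# compiler emits `[ModuleInitializer]` methods as a static constructor (`.cctor`) on the special `<Module>` type, which is what the scan looks for, using only the System.Reflection.Metadata types that ship with .NET. The default path to the NuGet global-packages folder is an assumption about the user's setup.

```csharp
using System;
using System.IO;
using System.Reflection.Metadata;
using System.Reflection.PortableExecutable;

// Added example: flags managed assemblies whose <Module> type carries a
// static constructor (.cctor), the form in which the C# compiler emits
// [ModuleInitializer] methods. The assembly is only read, never loaded.
static class ModuleInitFinder
{
    static int Main(string[] args)
    {
        // Assumption: default NuGet global-packages folder when no path is given.
        string root = args.Length > 0
            ? args[0]
            : Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
                           ".nuget", "packages");

        int hits = 0;
        foreach (var dll in Directory.EnumerateFiles(root, "*.dll", SearchOption.AllDirectories))
        {
            try
            {
                if (HasModuleInitializer(dll))
                {
                    Console.WriteLine($"module initializer: {dll}");
                    hits++;
                }
            }
            catch (BadImageFormatException) { /* native DLL or not a PE file */ }
            catch (IOException) { /* unreadable file; skip */ }
        }
        Console.WriteLine($"{hits} assembl(ies) with a module initializer under {root}");
        return hits == 0 ? 0 : 1; // non-zero exit so a CI job can flag the result
    }

    // True when the assembly's <Module> type has a .cctor, i.e. code that runs
    // on first load before any type in the assembly is touched.
    static bool HasModuleInitializer(string path)
    {
        using var stream = File.OpenRead(path);
        using var pe = new PEReader(stream);
        if (!pe.HasMetadata) return false;           // unmanaged DLL

        MetadataReader md = pe.GetMetadataReader();
        foreach (TypeDefinitionHandle th in md.TypeDefinitions)
        {
            TypeDefinition td = md.GetTypeDefinition(th);
            if (md.GetString(td.Name) != "<Module>") continue;

            foreach (MethodDefinitionHandle mh in td.GetMethods())
            {
                if (md.GetString(md.GetMethodDefinition(mh).Name) == ".cctor")
                    return true;
            }
        }
        return false;
    }
}
```

Legitimate libraries also use module initializers (source generators and IL weavers emit them), so a hit is a triage signal rather than a verdict: open the flagged assembly in a decompiler and read what the initializer actually does, looking in particular for anything that touches the JIT or drops files. Nothing in the flagged assembly is executed by the scan itself.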
C2 Infrastructure and Attribution
The primary command-and-control domain is hosted in Amsterdam and uses nameservers from Njalla, a privacy-focused registration service that shields the registrant's identity. A secondary domain hosted on Alibaba Cloud in Shanghai appears to serve as the attacker's development environment; it has not been linked to data exfiltration.
The same RSA-1024 key is embedded across the malicious packages, linking them to one another and to known malware families. Shared artifacts of this kind make it easier to attribute further packages from the same operator and to block them early.
Developers should check their projects for references to the malicious packages, including IR.DantUI, IR.Infrastructure.Core, and others, and should check the local NuGet cache as well as project and lock files, since a version restored earlier remains on disk even after it is removed from the project. Any system that pulled one of these packages should be treated as compromised: rotate every credential, SSH key, and wallet secret that was present on it, and monitor for unusual outbound network activity.
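The check below is an added example written for this article, not part of the Socket report. It searches project files, lock files, and the local NuGet cache for the two package IDs named above; the remaining IDs from the report need to be added to BadIds. Matching deliberately ignores the version, because unlisted versions still restore by exact version and a version-pinned blocklist misses them. The NUGET_PACKAGES override and the default cache path follow NuGet's documented layout; the output format and exit codes are this example's own choices.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;

// Added example: finds any reference to the named package IDs in a source tree
// and in the local NuGet cache, regardless of version. NuGet IDs are
// case-insensitive and the global-packages folder stores them lowercased, so
// all matching is case-insensitive.
static class NuGetIdHunt
{
    // IDs named in the article; extend with the full list from the Socket report.
    static readonly string[] BadIds = { "IR.DantUI", "IR.Infrastructure.Core" };

    // Files in which a package ID can appear in a .NET project.
    static readonly string[] ManifestGlobs =
    {
        "*.csproj", "*.fsproj", "*.vbproj", "*.props", "*.targets",
        "packages.config", "packages.lock.json", "project.assets.json",
    };

    // Match the ID as a whole token so "IR.DantUI" does not match "IR.DantUIX".
    static readonly Regex IdPattern = new Regex(
        @"(?<![A-Za-z0-9_.\-])(" + string.Join("|", Array.ConvertAll(BadIds, Regex.Escape)) + @")(?![A-Za-z0-9_\-])",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    static int Main(string[] args)
    {
        string src = args.Length > 0 ? args[0] : Directory.GetCurrentDirectory();
        // NuGet honours NUGET_PACKAGES; otherwise the cache is ~/.nuget/packages.
        string cache = Environment.GetEnvironmentVariable("NUGET_PACKAGES")
            ?? Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile),
                            ".nuget", "packages");

        var findings = new List<string>();
        findings.AddRange(ScanManifests(src));
        findings.AddRange(ScanCache(cache));

        foreach (var f in findings) Console.WriteLine(f);
        Console.WriteLine($"{findings.Count} finding(s)");
        return findings.Count == 0 ? 0 : 1; // non-zero exit lets CI fail the build
    }

    // Line-level hits in project, lock and assets files.
    static IEnumerable<string> ScanManifests(string root)
    {
        foreach (var glob in ManifestGlobs)
        {
            foreach (var file in Directory.EnumerateFiles(root, glob, SearchOption.AllDirectories))
            {
                int lineNo = 0;
                foreach (var line in File.ReadLines(file))
                {
                    lineNo++;
                    Match m = IdPattern.Match(line);
                    if (m.Success) yield return $"{file}:{lineNo}: references {m.Value}";
                }
            }
        }
    }

    // The global-packages folder is laid out as <id-lowercase>/<version>/, so a
    // directory named after an ID means a restore already fetched it, possibly
    // a version that has since been unlisted.
    static IEnumerable<string> ScanCache(string cache)
    {
        if (!Directory.Exists(cache)) yield break;
        foreach (var id in BadIds)
        {
            string dir = Path.Combine(cache, id.ToLowerInvariant());
            if (!Directory.Exists(dir)) continue;
            foreach (var versionDir in Directory.EnumerateDirectories(dir))
                yield return $"{versionDir}: cached copy of {id} {Path.GetFileName(versionDir)}";
        }
    }
}
```

Run it from the repository root (`dotnet run -- /path/to/src`) or in CI, where the non-zero exit fails the build. `dotnet list package --include-transitive` is a useful companion after a restore, because it reports packages pulled in indirectly by other dependencies, which a grep over .csproj files alone will not show.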
The discovery of these malicious NuGet packages highlights the ongoing need for vigilance in software development and supply chain security. As attackers continue to evolve, so must the defenses against such sophisticated threats.
