PROBABLYPWNED
Malware | May 30, 2026 | 4 min read

Malicious Sicoob NuGet Package Steals Banking Certs as npm Campaign Targets AWS Keys

A fake Sicoob SDK on NuGet exfiltrated PFX certificates and banking credentials from Brazilian developers, while 14 malicious npm packages harvested AWS keys, Vault tokens, and CI/CD secrets.

James Rivera

Security researchers have uncovered two coordinated supply chain attacks targeting developer ecosystems: a malicious NuGet package impersonating Brazil's Sicoob financial cooperative SDK, and 14 npm packages designed to harvest cloud credentials and CI/CD secrets.

The campaigns, disclosed by Socket Security on May 29, highlight the persistent threat of package repository poisoning and the financial motivations driving these attacks.

Sicoob NuGet Package Attack

Sicoob is one of Brazil's largest cooperative financial systems, serving millions of customers through its network of credit unions. The malicious package, published under the name "Sicoob.Sdk," posed as a legitimate software development kit for integrating with Sicoob's banking APIs.

Timeline:

  • May 5, 2026: Package first appeared on NuGet
  • May 6, 2026: Updated to version 2.0.4
  • May 7, 2026: Blocked by NuGet following responsible disclosure

Download Impact: Approximately 500 downloads before removal

How the Attack Worked

When developers instantiated SicoobClient with their credentials—a client ID, PFX file path, and PFX password—the malicious package silently exfiltrated:

  • Client IDs used for API authentication
  • PFX certificates that authenticate businesses with the Sicoob banking network
  • PFX passwords in plaintext
  • Boleto API responses exposing transaction details

The package read PFX files from disk, Base64-encoded the contents, and transmitted everything to a hardcoded third-party Sentry endpoint. The attacker weaponized Sentry—a legitimate error monitoring service—as their exfiltration channel, making traffic appear benign.

Supply Chain Mismatch

Socket researchers identified a critical indicator: the GitHub repository associated with the package functioned as a clean source facade, while the distributed NuGet artifact contained malicious Sentry-based exfiltration code not present in the visible source.

This source-package mismatch is a hallmark of supply chain attacks—similar to techniques we've documented in previous npm campaigns.

The attacker profile "sicoob" published 11 additional NuGet packages accumulating approximately 6,000 total downloads, suggesting a broader campaign that warrants investigation.

npm Campaign Targeting Cloud Credentials

On May 28, 2026, a threat actor using the handle "vpmdhaj" published 14 malicious npm packages typosquatting well-known OpenSearch, Elasticsearch, DevOps, and environment configuration libraries.

The packages included:

  • @vpmdhaj/devops-tools
  • @vpmdhaj/elastic-helper
  • opensearch-setup-tool
  • search-engine-setup
  • env-config-manager

Targeted Credentials

Unlike the Sicoob attack's focus on banking certificates, the npm campaign harvested cloud and DevOps credentials:

  • AWS credentials from environment variables and credential files
  • HashiCorp Vault tokens for secrets management access
  • npm tokens enabling further supply chain compromise
  • CI/CD pipeline secrets from build environments

The packages executed a purpose-built credential harvester through npm's preinstall hook—running malicious code before the package even finished installing.

Why Developers Are Targets

These attacks exploit the trust developers place in package repositories and the privileged access their environments typically have. A developer's machine often contains:

  1. Production credentials for testing and deployment
  2. Private keys and certificates for code signing and API access
  3. CI/CD secrets with deployment permissions
  4. Access to source code repositories

For financial sector targets like Sicoob integrators, the PFX certificates enable direct access to banking APIs—making compromised credentials immediately monetizable.

Defensive Recommendations

Organizations should implement multiple layers of defense against supply chain attacks:

Package Vetting:

  • Verify package publisher reputation and history
  • Check for source-package consistency using tools like Socket
  • Review package dependencies before installation
  • Monitor for typosquatting of internal or frequently-used packages

Credential Hygiene:

  • Never store PFX passwords in code or configuration files
  • Use hardware security modules (HSMs) for certificate storage where possible
  • Rotate credentials regularly and after any suspected compromise
  • Implement separate credentials for development and production environments

CI/CD Hardening:

  • Limit secrets access to specific pipeline stages
  • Use ephemeral credentials with short lifetimes
  • Audit preinstall/postinstall hooks in dependencies
  • Consider private package registries with approval workflows

For broader security practices, see our online safety guide covering credential management fundamentals.

Indicators of Compromise

Sicoob NuGet:

  • Package: Sicoob.Sdk versions 2.0.0-2.0.4
  • Exfiltration endpoint: Third-party Sentry instance

npm Packages:

  • Publisher: vpmdhaj
  • Published: May 28, 2026
  • C2: Unknown credential harvesting infrastructure

Organizations that installed these packages should assume credential compromise and begin rotation procedures immediately. The CISA supply chain security guidance provides additional remediation frameworks.
