Malicious Sicoob NuGet Package Steals Banking Certs as npm Campaign Targets AWS Keys
A fake Sicoob SDK on NuGet exfiltrated PFX certificates and banking credentials from Brazilian developers, while 14 malicious npm packages harvested AWS keys, Vault tokens, and CI/CD secrets.
Security researchers have uncovered two coordinated supply chain attacks targeting developer ecosystems: a malicious NuGet package impersonating Brazil's Sicoob financial cooperative SDK, and 14 npm packages designed to harvest cloud credentials and CI/CD secrets.
The campaigns, disclosed by Socket Security on May 29, highlight the persistent threat of package repository poisoning and the financial motivations driving these attacks.
Sicoob NuGet Package Attack
Sicoob is one of Brazil's largest cooperative financial systems, serving millions of customers through its network of credit unions. The malicious package, published under the name "Sicoob.Sdk," posed as a legitimate software development kit for integrating with Sicoob's banking APIs.
Timeline:
- May 5, 2026: Package first appeared on NuGet
- May 6, 2026: Updated to version 2.0.4
- May 7, 2026: Blocked by NuGet following responsible disclosure
Download Impact: Approximately 500 downloads before removal
How the Attack Worked
When developers instantiated SicoobClient with their credentials—a client ID, PFX file path, and PFX password—the malicious package silently exfiltrated:
- Client IDs used for API authentication
- PFX certificates that authenticate businesses with the Sicoob banking network
- PFX passwords in plaintext
- Boleto API responses exposing transaction details
The package read PFX files from disk, Base64-encoded the contents, and transmitted everything to a hardcoded third-party Sentry endpoint. The attacker weaponized Sentry—a legitimate error monitoring service—as their exfiltration channel, making traffic appear benign.
Supply Chain Mismatch
Socket researchers identified a critical indicator: the GitHub repository associated with the package functioned as a clean source facade, while the distributed NuGet artifact contained malicious Sentry-based exfiltration code not present in the visible source.
This source-package mismatch is a hallmark of supply chain attacks—similar to techniques we've documented in previous npm campaigns.
The attacker profile "sicoob" published 11 additional NuGet packages accumulating approximately 6,000 total downloads, suggesting a broader campaign that warrants investigation.
npm Campaign Targeting Cloud Credentials
On May 28, 2026, a threat actor using the handle "vpmdhaj" published 14 malicious npm packages typosquatting well-known OpenSearch, Elasticsearch, DevOps, and environment configuration libraries.
The packages included:
- @vpmdhaj/devops-tools
- @vpmdhaj/elastic-helper
- opensearch-setup-tool
- search-engine-setup
- env-config-manager
Targeted Credentials
Unlike the Sicoob attack's focus on banking certificates, the npm campaign harvested cloud and DevOps credentials:
- AWS credentials from environment variables and credential files
- HashiCorp Vault tokens for secrets management access
- npm tokens enabling further supply chain compromise
- CI/CD pipeline secrets from build environments
The packages executed a purpose-built credential harvester through npm's preinstall hook—running malicious code before the package even finished installing.
Why Developers Are Targets
These attacks exploit the trust developers place in package repositories and the privileged access their environments typically have. A developer's machine often contains:
- Production credentials for testing and deployment
- Private keys and certificates for code signing and API access
- CI/CD secrets with deployment permissions
- Access to source code repositories
For financial sector targets like Sicoob integrators, the PFX certificates enable direct access to banking APIs—making compromised credentials immediately monetizable.
Defensive Recommendations
Organizations should implement multiple layers of defense against supply chain attacks:
Package Vetting:
- Verify package publisher reputation and history
- Check for source-package consistency using tools like Socket
- Review package dependencies before installation
- Monitor for typosquatting of internal or frequently-used packages
Credential Hygiene:
- Never store PFX passwords in code or configuration files
- Use hardware security modules (HSMs) for certificate storage where possible
- Rotate credentials regularly and after any suspected compromise
- Implement separate credentials for development and production environments
CI/CD Hardening:
- Limit secrets access to specific pipeline stages
- Use ephemeral credentials with short lifetimes
- Audit preinstall/postinstall hooks in dependencies
- Consider private package registries with approval workflows
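A small audit script that covers two of the items above, monitoring for typosquat-style names and flagging install-time lifecycle hooks such as the preinstall hook the npm campaign abused. It is an added example for this article, not code from Socket or from the packages described; the watchlist, the sample package.json records and the 0.85 similarity threshold are constructed assumptions.

```python
"""Audit npm packages for install-time lifecycle scripts and for names that
ride on well-known library names (added example, not code from the article)."""
import json
import os
from difflib import SequenceMatcher

INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # run by `npm install`


def install_hooks(pkg: dict) -> dict:
    """Lifecycle scripts in a package.json that execute during installation."""
    return {k: v for k, v in (pkg.get("scripts") or {}).items() if k in INSTALL_HOOKS}


def resembles(name: str, watchlist) -> "str | None":
    """Watched name that `name` embeds or closely misspells; an exact match is
    the genuine package and returns None."""
    base = name.split("/")[-1]  # compare without any @scope/ prefix
    for known in watchlist:
        if base == known:
            return None
        if known in base or SequenceMatcher(None, base, known).ratio() >= 0.85:
            return known
    return None


def audit_packages(packages, watchlist) -> list:
    """Report every package that has install hooks or a suspicious name."""
    findings = []
    for pkg in packages:
        name = pkg.get("name", "<unnamed>")
        hooks, near = install_hooks(pkg), resembles(name, watchlist)
        if hooks or near:
            findings.append({"name": name, "hooks": hooks, "resembles": near})
    return findings


def load_node_modules(node_modules: str):
    """Yield package.json contents from a node_modules tree, nested ones included."""
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" in files:
            with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
                yield json.load(fh)


# Constructed sample standing in for audit_packages(load_node_modules("node_modules"), WATCHLIST)
SAMPLE_PACKAGES = [
    {"name": "opensearch", "scripts": {"test": "jest"}},
    {"name": "opensearch-setup-tool", "scripts": {"preinstall": "node setup.js"}},
    {"name": "@acme/elasticsaerch"},
    {"name": "left-pad"},
]
WATCHLIST = ("opensearch", "elasticsearch", "dotenv")
```

Run it against a real tree with `audit_packages(load_node_modules("node_modules"), WATCHLIST)`; any hit with a non-empty `hooks` entry deserves a look at the script body before the next install.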
For broader security practices, see our online safety guide covering credential management fundamentals.
Indicators of Compromise
Sicoob NuGet:
- Package: Sicoob.Sdk versions 2.0.0-2.0.4
- Exfiltration endpoint: Third-party Sentry instance
npm Packages:
- Publisher: vpmdhaj
- Published: May 28, 2026
- C2: Unknown credential harvesting infrastructure
Organizations that installed these packages should assume credential compromise and begin rotation procedures immediately. The CISA supply chain security guidance provides additional remediation frameworks.