Malware4 min read
Malicious Sicoob NuGet Package Steals Banking Certs as npm Campaign Targets AWS Keys
A fake Sicoob SDK on NuGet exfiltrated PFX certificates and banking credentials from Brazilian developers, while 14 malicious npm packages harvested AWS keys, Vault tokens, and CI/CD secrets.
James RiveraMay 30, 2026