A newly discovered malicious NuGet package masquerading as an official Sicoob software development kit (SDK) has been caught exfiltrating highly sensitive banking credentials, raising serious concerns about software supply chain security in financial ecosystems.
The package, published under the name “Sicoob.Sdk,” targeted developers building integrations with Brazil’s Sicoob banking APIs and silently harvested authentication credentials during normal application execution.
Malicious NuGet Sicoob SDK Steals
The rogue package appeared on NuGet in early May 2026 and quickly released multiple versions from 2.0.0 to 2.0.4 before being taken down.
It claimed to provide a .NET 8 SDK for handling authentication, mutual TLS (mTLS), and API communication with Sicoob systems.
Given Sicoob’s scale, serving millions of users across Brazil, the package’s positioning made it highly attractive to developers working on financial applications.
However, deeper analysis revealed that the SDK contained hidden data exfiltration functionality.

When a developer instantiated the provided client with a client ID, a PFX certificate file, and the file’s password, the package silently read the PFX from disk, encoded it, and transmitted it together with the plaintext password and client ID to a third-party Sentry endpoint. A PFX (PKCS#12) file normally bundles a certificate with its private key, so the archive plus its password is the complete mTLS identity used to authenticate to the bank.
By stealing both the certificate archive and its password, attackers could potentially impersonate legitimate banking integrations and gain unauthorized access to sensitive financial APIs.
What makes this attack particularly dangerous is its use of legitimate telemetry infrastructure. Instead of a traditional command-and-control server, the malicious SDK sent the stolen data to Sentry, a widely trusted error-monitoring platform.
Because the destination is a well-known SaaS host that egress filters and reviewers commonly treat as benign, the exfiltration blended in with normal application telemetry. Static and dynamic analysis confirmed that it occurred during ordinary SDK initialization in production mode.
The code initialized a hardcoded Sentry configuration and sent captured credentials as part of a telemetry message.
In some cases, even financial transaction data such as boleto payment responses could be included, exposing transaction details, payer information, and payment status.
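The behaviour described above leaves a recognisable trace wherever the telemetry can be observed: a base64 string that decodes to a PKCS#12 archive, next to plaintext password and client-ID fields. The scanner below is an added example written for this article (not code from the package or from Socket’s analysis) that inspects one Sentry-style event body for exactly those two signs. The event, the field names (including the Portuguese “senha”) and the PFX stand-in are constructed for the demo; the stand-in has a correct DER outer shell and version field but no real key material.

```python
"""Added example: flag credential material inside Sentry-style telemetry.

Illustrative scanner written for this article, not code from the malicious
package or from Socket. It inspects the JSON body of a Sentry event (what a
CI egress proxy or Sentry's own UI would show) for two things the article
says were exfiltrated: a base64-encoded PFX/PKCS#12 archive and plaintext
password / client-ID fields.
"""
import base64
import json
import re

# PKCS#12 (PFX) is DER: SEQUENCE { version INTEGER 3, authSafe ..., macData OPTIONAL }.
# A multi-byte-length SEQUENCE starts 0x30 0x82 <len-hi> <len-lo>; version 3 encodes as 02 01 03.
_PFX_PREFIX = b"\x30\x82"
_PFX_VERSION = b"\x02\x01\x03"
_B64_RE = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")
# Assumed field names worth flagging; extend for your own SDKs (constructed list).
_SECRET_KEYS = {"password", "passwd", "pfxpassword", "senha",
                "clientid", "client_id", "clientsecret", "client_secret"}

def looks_like_pkcs12(blob: bytes) -> bool:
    """True if the bytes have the outer shell of a PKCS#12 archive."""
    if len(blob) < 8 or not blob.startswith(_PFX_PREFIX):
        return False
    declared = int.from_bytes(blob[2:4], "big")
    # Outer length must match the actual content, and the first element must be version 3.
    return declared == len(blob) - 4 and blob[4:7] == _PFX_VERSION

def find_pkcs12_blobs(text: str) -> list[bytes]:
    """Return decoded PKCS#12 archives found as base64 strings anywhere in text."""
    found = []
    for m in _B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:
            continue
        if looks_like_pkcs12(raw):
            found.append(raw)
    return found

def _walk(obj, path=""):
    """Yield (dotted path, leaf value) for every scalar in a nested JSON object."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, obj

def scan_sentry_event(event: dict) -> list[str]:
    """Return human-readable findings for one Sentry event payload."""
    findings = []
    for path, value in _walk(event):
        key = path.rsplit(".", 1)[-1].lower()
        if key in _SECRET_KEYS and isinstance(value, str) and value:
            findings.append(f"plaintext secret field at {path}")
        if isinstance(value, str) and find_pkcs12_blobs(value):
            findings.append(f"base64 PKCS#12 archive at {path}")
    return findings

def make_fake_pfx() -> bytes:
    """Constructed stand-in for a PFX: correct DER shell and version, dummy payload, no key material."""
    body = _PFX_VERSION + b"\x30\x80" + b"\x00" * 300  # version 3 plus filler (not a valid authSafe)
    return _PFX_PREFIX + len(body).to_bytes(2, "big") + body

# Constructed sample: the kind of "telemetry message" the article says the SDK sent.
SAMPLE_EVENT = json.loads(json.dumps({
    "event_id": "00000000000000000000000000000000",
    "message": "SicoobClient initialized",
    "extra": {
        "clientId": "00000000-0000-0000-0000-000000000000",  # constructed value
        "password": "hunter2",                                 # constructed value
        "certificate": base64.b64encode(make_fake_pfx()).decode(),
    },
}))

if __name__ == "__main__":
    for f in scan_sentry_event(SAMPLE_EVENT):
        print("ALERT:", f)
```

The PKCS#12 fingerprint is deliberately structural (DER length check plus the version-3 integer) rather than a plain regex for “MII…”, so ordinary base64-encoded JSON or JWTs do not trip it. Run this over captured Sentry envelopes at an egress proxy, or over events exported from the Sentry project itself; a hit on either rule is grounds to treat the certificate and password as compromised.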

The public GitHub repository linked to the SDK appeared clean. It did not contain the malicious logic found in the compiled NuGet package.
This mismatch indicates a deliberate supply-chain attack in which a benign-looking codebase served as a façade while distributing a tampered binary via NuGet.
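Since the public source looked clean, the artifact that actually ships, the .nupkg, is what has to be inspected. The script below is an added example written for this article (not Socket’s tooling or anything from the package) that opens a .nupkg as the zip it is, pulls string literals out of the bundled assemblies, and reports any hardcoded Sentry DSN whose ingest host is not one the consumer operates. The practitioner detail it demonstrates is that .NET stores string literals in the assembly’s #US heap as UTF-16LE, so an ASCII-only `strings` pass misses a DSN. The package name, assembly layout, DSN and allowlisted host are constructed for the demo; the DSN shape assumed is https://<hex public key>@<ingest host>/<project id>.

```python
"""Added example: find hardcoded Sentry DSNs inside a downloaded .nupkg.

Illustrative code written for this article, not Socket's tooling or the
package's code. A .nupkg is a zip; string literals in compiled .NET assemblies
live in the #US heap as UTF-16LE, so both ASCII and UTF-16LE are decoded before
matching. Fixture values below are constructed.
"""
import io
import re
import zipfile

# Assumed DSN shape: Sentry public keys are hex (32 chars in practice); the range is kept loose.
DSN_RE = re.compile(r"https://[0-9a-f]{16,64}@[a-z0-9.-]+(?::\d+)?/\d+", re.I)

def extract_strings(data: bytes, min_len: int = 8) -> list[str]:
    """Printable runs in both ASCII and UTF-16LE, as .NET metadata stores them."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    utf16_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in utf16_runs])

def find_dsns(nupkg: bytes) -> dict[str, set[str]]:
    """Map of package member -> set of Sentry DSNs found in that member."""
    hits: dict[str, set[str]] = {}
    with zipfile.ZipFile(io.BytesIO(nupkg)) as zf:
        for name in zf.namelist():
            # Assemblies plus the config files a DSN is sometimes parked in.
            if not name.lower().endswith((".dll", ".exe", ".json", ".config")):
                continue
            data = zf.read(name)
            for s in extract_strings(data):
                for dsn in DSN_RE.findall(s):
                    hits.setdefault(name, set()).add(dsn)
    return hits

def unexpected_dsns(nupkg: bytes, allowed_hosts: set[str]) -> list[tuple[str, str]]:
    """(member, dsn) pairs whose ingest host is not one the consumer operates."""
    flagged = []
    for member, dsns in find_dsns(nupkg).items():
        for dsn in sorted(dsns):
            host = dsn.split("@", 1)[1].split("/", 1)[0]
            if host not in allowed_hosts:
                flagged.append((member, dsn))
    return flagged

# Constructed fixture: a minimal "nupkg" with a nuspec and a fake assembly whose
# string heap holds a DSN as UTF-16LE. Every value here is made up for the example.
FAKE_DSN = "https://0123456789abcdef0123456789abcdef@o424242.ingest.sentry.io/4242"

def build_fixture() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Example.Sdk.nuspec",
                    "<package><metadata><id>Example.Sdk</id></metadata></package>")
        fake_dll = b"MZ" + b"\x00" * 64 + FAKE_DSN.encode("utf-16-le") + b"\x00" * 64
        zf.writestr("lib/net8.0/Example.Sdk.dll", fake_dll)
    return buf.getvalue()

if __name__ == "__main__":
    pkg = build_fixture()
    for member, dsn in unexpected_dsns(pkg, allowed_hosts={"sentry.internal.example"}):
        print(f"ALERT: {member} contains hardcoded Sentry DSN {dsn}")
```

Point it at the contents of the local NuGet cache (`~/.nuget/packages/<id>/<version>/*.nupkg`) after a restore in CI. The allowlist, not the mere presence of Sentry, is the signal: an SDK that reports to an ingest host your organisation does not own has no legitimate reason to do so. A DSN assembled at runtime or obfuscated would evade this string scan, which is why the check complements, rather than replaces, reviewing what the client actually does during initialization.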
Supply Chain Spoofing
The attack extended beyond a single package. The publisher account hosted multiple Sicoob-branded packages, all claiming to be official modules.
Although only the main SDK showed confirmed malicious behavior, all associated packages are considered untrusted due to their shared origin.
Further investigation revealed that the GitHub organization behind the project lacked credibility indicators, such as verified accounts, established contributors, or community activity.

This strongly suggests impersonation of Sicoob’s official developer ecosystem.
The impact of this compromise can be severe. If attackers successfully use stolen credentials, they may access banking APIs to retrieve account data, initiate transactions, or abuse payment systems like Pix and boleto.
CI/CD pipelines and production environments are at particular risk, since they are where real certificates and passwords are supplied to the client. Security researchers reported the issue to NuGet, Sentry, and Sicoob, prompting swift remediation, including removal of the package.
According to Socket research shared with Cyber Security News, affected organizations should rotate credentials, revoke certificates, and review API activity for suspicious access.
This incident highlights the growing sophistication of software supply chain attacks, especially in financial services, where trusted developer tools can become effective vectors for credential theft.