Security researchers have uncovered a malicious NuGet package masquerading as an official Sicoob banking SDK that silently exfiltrates cryptographic certificates, private keys, and banking credentials from developers building integrations with Brazil’s Sicoob financial cooperative APIs. The attack represents a sophisticated supply chain strike against the financial services development ecosystem, targeting an institution that serves millions of users across Brazil.
How the Attack Worked
The rogue package, published under the name “Sicoob.Sdk”, appeared on the NuGet package registry in early May 2026 and rapidly released versions from 2.0.0 to 2.0.4 before being taken down. It was designed to look like a legitimate .NET 8 SDK handling authentication, mutual TLS (mTLS), and API communication with Sicoob systems — precisely the kind of package a developer working on Brazilian fintech integrations would search for and trust.
The package recorded 484 downloads across its multiple versions before removal, meaning hundreds of development environments may have been exposed during the window it was active.
The Credential Exfiltration Mechanism
Analysis of the package revealed that when a developer constructed the SDK client with the parameters a genuine SDK would expect, a client ID, the path to a PFX certificate file, and the PFX password, the package silently performed several malicious actions:
- Read the PFX certificate file from disk and Base64-encoded its contents.
- Transmitted the encoded certificate archive, the plaintext password, and the client ID to a hardcoded Sentry endpoint controlled by the attackers.
- In some cases, intercepted financial transaction data including boleto payment responses, exposing transaction details, payer information, and payment status.
A PFX (PKCS#12) file bundles a digital certificate with its associated private key, the core material for mutual TLS authentication, and the password is the only thing protecting that private key at rest. By capturing the PFX file together with its password, the attackers obtained everything needed to present themselves to Sicoob's APIs as the legitimate integration, with no further cracking or escalation step required.
Abuse of Legitimate Infrastructure
What makes this attack particularly notable is its use of legitimate telemetry infrastructure for exfiltration. Rather than communicating with a purpose-built command-and-control server, whose unfamiliar domain or IP address is exactly the indicator network security tools are built to flag, the malicious SDK leveraged Sentry, a widely used error-monitoring platform that many legitimate applications, including ones running on the same developer machines and build agents, already talk to.
By routing stolen credentials through Sentry's ingest pipeline, the exfiltration traffic looked like ordinary application error reporting, with the same destination hosts as genuine error reports. Destination-based controls cannot separate it from legitimate telemetry; what can is knowing which Sentry projects an organization actually owns and treating traffic to any other Sentry project as suspect. Static and dynamic analysis confirmed that the exfiltration occurred during normal SDK initialization when the client ran in production mode, so no unusual call by the developer was needed to trigger it.
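As an added illustration of the inventory-based check just described, and not code from the original report or from any of the parties involved, the following Python script runs over a handful of constructed egress-proxy records. It assumes a simple space-separated log format and Sentry's SaaS ingest hostnames and paths (/api/<project>/envelope/ and the older /api/<project>/store/); the inventory of owned projects, the list of hosts that should emit no telemetry, and every hostname and project id in the sample are placeholders.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed egress-proxy records (not real traffic), one per line:
# "<timestamp> <source host> <method> <url> <request bytes>".
SAMPLE_LOG = """\
2026-05-03T10:01:12Z build-agent-07 POST https://o123456.ingest.sentry.io/api/4500001/envelope/ 1893
2026-05-03T10:01:13Z dev-ws-ana POST https://o123456.ingest.sentry.io/api/4500001/envelope/ 2107
2026-05-03T10:02:40Z dev-ws-ana POST https://o987654.ingest.sentry.io/api/9999999/envelope/ 7312
2026-05-03T10:02:41Z build-agent-07 POST https://o987654.ingest.sentry.io/api/9999999/store/?sentry_key=deadbeef 6844
2026-05-03T10:03:05Z dev-ws-ana GET https://api.nuget.org/v3/index.json 0
"""

# Inventory the organisation maintains: (ingest host, project id) for every
# Sentry project it actually owns (placeholder values), plus hosts on which no
# Sentry-instrumented application should be running at all.
KNOWN_SENTRY = {("o123456.ingest.sentry.io", "4500001")}
NO_TELEMETRY_HOSTS = {"build-agent-07"}

# Assumed SaaS hostname shape (o<org>.ingest[.<region>].sentry.io); a
# self-hosted Sentry needs its own hostnames added here.
SENTRY_HOST = re.compile(r"(?:^|\.)ingest(?:\.[a-z]{2})?\.sentry\.io$")
INGEST_PATH = re.compile(r"^/api/(\d+)/(?:envelope|store)/")


@dataclass
class Finding:
    timestamp: str
    source: str
    url: str
    reasons: list = field(default_factory=list)


def analyze(log_text, known=KNOWN_SENTRY, quiet_hosts=NO_TELEMETRY_HOSTS, large_bytes=4096):
    """Flag Sentry-bound requests that do not match the inventory.
    large_bytes is a weak secondary signal only: a Base64 PFX is a few KB,
    but so is an error event with a stack trace, so size never flags on its own."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, method, url, nbytes = line.split()
        parts = urlsplit(url)
        if not parts.hostname or not SENTRY_HOST.search(parts.hostname):
            continue
        m = INGEST_PATH.match(parts.path)
        if not m:
            continue
        reasons = []
        if (parts.hostname, m.group(1)) not in known:
            reasons.append("unknown_dsn")       # project the org does not own
        if src in quiet_hosts:
            reasons.append("unexpected_source") # telemetry from a host that should emit none
        if reasons and int(nbytes) >= large_bytes:
            reasons.append("large_payload")     # corroborating signal only
        if reasons:
            findings.append(Finding(ts, src, url, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f.timestamp, f.source, f.url, ", ".join(f.reasons))
```

If the proxy records request headers, also compare the public key in X-Sentry-Auth (or the sentry_key query parameter) with the keys of the owned projects: a project id alone can be guessed, the key cannot.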
The GitHub Façade
The attack was further concealed by linking the NuGet package to a GitHub repository that appeared clean: it did not contain the malicious logic found in the compiled binary. This deliberate mismatch between a benign-looking open-source codebase and a tampered NuGet binary is a hallmark of advanced supply chain attacks, and it works because reviewers read the repository rather than the artifact they actually install. By default nothing ties a NuGet package to the repository it links to; the only way to know what a .nupkg does is to inspect, or rebuild and compare, the binary it ships.
The publisher account also hosted multiple Sicoob-branded packages, all claiming to be official modules. Although only the main SDK showed confirmed malicious behavior, all associated packages are considered untrusted due to their shared origin. Investigation of the linked GitHub organization revealed an absence of credibility indicators — no verified accounts, established contributors, or meaningful community activity — strongly suggesting active impersonation of Sicoob’s official developer ecosystem.
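The practical consequence of the two points above, that the exfiltration logic (a Sentry destination plus PFX reading and Base64 encoding) lives in the compiled DLL and that the linked repository proves nothing about it, is that triage has to look at the .nupkg itself. The following Python scanner is an added example, not tooling from Socket, NuGet or the package, and it builds its own small sample package rather than using the real one; the DSN, identifiers and filenames in it are placeholders. It unpacks the zip and searches every entry for a Sentry DSN and for certificate-handling strings, decoding each file as UTF-16LE as well as single-byte text because .NET stores string literals UTF-16LE in the assembly's user-string heap, where a plain grep does not find them.

```python
import io
import re
import zipfile

# Strings worth flagging in a package aimed at .NET banking integrators.
# The DSN shape (scheme://publicKey@host/projectId) is Sentry's documented
# DSN format; the remaining indicators are illustrative substrings, not an
# exhaustive signature.
SENTRY_DSN = re.compile(r"https?://[0-9a-f]{16,}@[A-Za-z0-9.-]+(?::\d+)?/\d+")
INDICATORS = {
    "sentry_host": re.compile(r"[A-Za-z0-9.-]*ingest\.sentry\.io", re.I),
    "pfx_handling": re.compile(r"\.pfx\b|X509Certificate2|PKCS12", re.I),
    "base64_encode": re.compile(r"ToBase64String"),
}


def candidate_texts(blob: bytes):
    """Yield the blob decoded three ways: as single-byte text, and as UTF-16LE
    at both byte alignments. .NET assemblies keep string literals in the #US
    heap as UTF-16LE, so an ASCII-only search over a DLL misses them."""
    yield blob.decode("latin-1")
    yield blob.decode("utf-16-le", errors="ignore")
    yield blob[1:].decode("utf-16-le", errors="ignore")


def scan_nupkg(nupkg: bytes) -> dict:
    """Return {entry: {indicator: [matches]}} for every file in the .nupkg
    (a plain zip) that contains a suspicious string; DLLs, scripts and the
    .nuspec are all searched the same way."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(nupkg)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            found = {}
            for text in candidate_texts(zf.read(info.filename)):
                for m in SENTRY_DSN.finditer(text):
                    found.setdefault("sentry_dsn", set()).add(m.group(0))
                for name, rx in INDICATORS.items():
                    for m in rx.finditer(text):
                        found.setdefault(name, set()).add(m.group(0))
            if found:
                hits[info.filename] = {k: sorted(v) for k, v in found.items()}
    return hits


def build_sample_nupkg(malicious: bool) -> bytes:
    """Build a minimal .nupkg in memory. Constructed sample data, not the real
    package: the 'DLL' is a byte blob with literals embedded UTF-16LE at mixed
    byte offsets, the way they sit in a compiled assembly."""
    nuspec = ('<?xml version="1.0"?><package><metadata><id>Example.Sdk</id>'
              '<version>1.0.0</version></metadata></package>')
    literals = ["Example.Sdk.ApiClient", "https://api.example.test/v1"]
    if malicious:
        literals += [
            # Placeholder DSN with a dummy key, org and project id.
            "https://0123456789abcdef0123456789abcdef@o000000.ingest.sentry.io/0000000",
            "client.pfx",
            "ToBase64String",
        ]
    dll = b"MZ" + b"\x90" * 7  # 9-byte header puts the first literal at an odd offset
    for s in literals:
        dll += s.encode("utf-16-le") + b"\x00\x00\x01"  # odd-length separator flips alignment
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Example.Sdk.nuspec", nuspec)
        zf.writestr("lib/net8.0/Example.Sdk.dll", dll)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, found in scan_nupkg(build_sample_nupkg(malicious=True)).items():
        print(entry, found)
```

A hit is a reason to open the assembly in a decompiler, not a verdict, and an empty result proves nothing, since literals can be assembled at runtime or obfuscated. Where the package links a repository, the stronger check is to build that repository and compare the output with the shipped DLL.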
Impact and Response
The potential consequences of successful credential theft from this campaign are severe. Attackers in possession of stolen mTLS certificates and client credentials could:
- Access Sicoob banking APIs to retrieve account data or initiate transactions.
- Abuse payment systems including Pix and boleto.
- Compromise CI/CD pipelines and production environments that handle real financial credentials.
Security researchers at Socket reported the issue to NuGet, Sentry, and Sicoob, prompting swift remediation including removal of the package and termination of the Sentry endpoint. Organizations that restored any version of Sicoob.Sdk between 2.0.0 and 2.0.4 should treat every PFX file, password and client ID passed to it as compromised: revoke the affected certificates and issue new ones, rotate the client credentials, and review Sicoob API access logs for activity from unexpected sources. Because the package ran inside the developer's or build agent's own process, any other secrets reachable from those environments, such as CI/CD pipeline credentials, deserve the same treatment.
Broader Implications
This incident is the latest in a growing wave of supply chain attacks targeting financial services developers through trusted package registries. The combination of legitimate-looking package names, clean GitHub repositories, and abuse of trusted telemetry infrastructure reflects a significant increase in attack sophistication. Organizations building on third-party packages, particularly in regulated industries like financial services, should scan dependencies automatically, verify who actually publishes a package (on NuGet, a reserved ID prefix and an author signature are the available signals; a package that merely carries a bank's name has neither unless the bank itself published it), and enforce allow-lists of approved packages in production pipelines so that an unknown package cannot be restored silently.
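To make the two operational recommendations concrete, the one in the response section (find every project that restored Sicoob.Sdk 2.0.0 through 2.0.4) and the allow-list enforcement above, here is an added Python example that is not part of the original article or of any NuGet tooling. It parses a project file and a packages.lock.json, both constructed samples, and checks them against the advisory's version window and an approved-package list; the package names other than Sicoob.Sdk are placeholders.

```python
import json
import xml.etree.ElementTree as ET

# Package ID and version window named in the advisory. NuGet package IDs are
# case-insensitive, so every ID is compared lower-cased.
SUSPECT_ID = "sicoob.sdk"
SUSPECT_RANGE = ((2, 0, 0), (2, 0, 4))

# Constructed inputs, not taken from any real project.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="Sicoob.Sdk" Version="2.0.3" />
  </ItemGroup>
</Project>"""

SAMPLE_LOCK = json.dumps({
    "version": 1,
    "dependencies": {
        "net8.0": {
            "Newtonsoft.Json": {"type": "Direct", "requested": "[13.0.3, )", "resolved": "13.0.3"},
            "Sicoob.Sdk": {"type": "Direct", "requested": "[2.0.3, )", "resolved": "2.0.3"},
            "Some.Helper": {"type": "Transitive", "resolved": "1.4.0"},
        }
    },
})


def parse_version(v):
    """Numeric core of a NuGet/SemVer version. Pre-release and build metadata
    are dropped, so 2.0.4-beta compares equal to 2.0.4; for this check that is
    the conservative direction (a pre-release of an affected version is still
    treated as affected)."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split("."))


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip an MSBuild XML namespace if present


def packages_from_csproj(text):
    """Direct PackageReference entries as {id: version}. Handles SDK-style and
    namespaced legacy projects, and Version given as attribute or child element.
    Central package management (Directory.Packages.props) is not resolved here;
    use the lock file for that."""
    out = {}
    for el in ET.fromstring(text).iter():
        if _local(el.tag) != "PackageReference":
            continue
        pid = el.get("Include") or el.get("Update")
        ver = el.get("Version") or next((c.text for c in el if _local(c.tag) == "Version"), None)
        if pid and ver:
            out[pid.lower()] = ver.strip()
    return out


def packages_from_lock(text):
    """Resolved packages from packages.lock.json as {id: version}. Unlike the
    csproj this includes transitive dependencies, so a suspect package pulled
    in indirectly is still found."""
    out = {}
    for deps in json.loads(text).get("dependencies", {}).values():
        for pid, info in deps.items():
            out[pid.lower()] = info["resolved"]
    return out


def find_affected(packages):
    """Return the installed Sicoob.Sdk version if it falls in the advisory's
    window, otherwise None."""
    ver = packages.get(SUSPECT_ID)
    if ver is None:
        return None
    lo, hi = SUSPECT_RANGE
    return ver if lo <= parse_version(ver) <= hi else None


def not_allowlisted(packages, allowlist):
    """IDs present in the resolved graph but absent from the approved list."""
    allowed = {a.lower() for a in allowlist}
    return sorted(pid for pid in packages if pid not in allowed)


if __name__ == "__main__":
    resolved = packages_from_lock(SAMPLE_LOCK)
    print("affected version:", find_affected(resolved))
    print("not on allow-list:", not_allowlisted(resolved, ["Newtonsoft.Json", "Some.Helper"]))
```

Run it against the lock file rather than only the project file: the lock file lists transitive dependencies as well, and it only reflects what a build actually restores when restore runs with dotnet restore --locked-mode, which fails instead of silently resolving anything the lock file does not already pin.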