Malicious NuGet Packages Target Chinese Developers, Steal Sensitive Data
ID: 1d0ccdca-fd15-5e03-ba4a-8c65bd162fb2
STIX ID: report--1d0ccdca-fd15-5e03-ba4a-8c65bd162fb2
Feed Name: ThreatCluster
Five malicious NuGet packages published under the account "bmrxntfj" were found targeting Chinese .NET developers. The packages have ~65,000 downloads and deploy an advanced infostealer that collects browser credentials, SSH keys, and crypto wallet data. They evade detection through massive version manipulation (219 of 224 versions are marked listed:false) and exfiltrate data to dns-providersa2.com (registered 2026-03-12). Takedown requests were submitted, but the packages remained active at the time of reporting. Developers are advised to avoid untrusted libraries and rotate credentials.
