Sicoob SDK Banking Malware Exploits NuGet Developer Channels
ID: 0534bac5-7358-57f9-add9-50469f237b38
STIX ID: report--0534bac5-7358-57f9-add9-50469f237b38
Feed Name: securityonline.info
**Executive summary:** A malicious NuGet package named Sicoob.Sdk was uploaded to the NuGet repository, impersonating an official C# SDK for a major Brazilian financial cooperative. Versions 2.0.0–2.0.4 exfiltrated PFX files, passwords, client IDs and transaction data to a hardcoded third-party endpoint during constructor-time execution, enabling credential theft and potential downstream access to financial APIs and CI/CD pipelines. NuGet has blocked the account. Organizations must remove the package, revoke and rotate exposed certificates and passwords, and audit for suspicious access.
