Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
ID: 4cb06255-a626-520d-8947-34f1c901424b
STIX ID: report--4cb06255-a626-520d-8947-34f1c901424b
Feed Name: The Hacker News
Security researchers discovered a malicious package named "Sicoob.Sdk", distributed on NuGet, that secretly exfiltrated PFX certificates, PFX passwords, and client IDs to a hardcoded third-party Sentry endpoint, allowing attackers to impersonate Sicoob API integrations and access downstream financial data. The package has been removed from NuGet. The report places this incident among a wave of active supply-chain campaigns across npm and other registries (typosquatting, postinstall credential harvesters, dependency confusion) and highlights links to known threat actors such as TeamPCP/Replicating Marauder.
