NuGet impostors expose developer secrets

Malicious NuGet packages masquerading as familiar .NET libraries have put developer workstations and build environments at risk of credential theft, with attackers using plausible package names, hidden version histories and obfuscated payloads to target users in Chinese software ecosystems.

Five packages identified in the campaign — IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core and IR.iplus32 — were published through the same account, bmrxntfj. They presented themselves as user interface and infrastructure components for .NET development, a tactic designed to blend into corporate dependency trees where internally named libraries and Chinese WinForms packages are widely used.

The packages together amassed about 65,000 downloads from late 2025, spread across 224 versions. Of those, 219 were marked as unlisted, leaving only a small number visible while older builds remained installable through direct dependency references. This approach helped the operator preserve download momentum while reducing the chance that researchers, developers or automated security tools would easily trace the full publishing trail.

The campaign’s strongest lure appears to be its imitation of legitimate Chinese .NET tooling. DantUI, for instance, closely resembles AntdUI, a recognised MIT-licensed WinForms component library hosted on Gitee. For developers scanning package names under time pressure, especially inside projects with multiple internal dependencies, the difference could be easy to miss.

Security analysis indicates that the libraries contain working code but also embed a .NET Reactor-protected infostealer. The payload is designed to activate once an IR-branded assembly is loaded, which can happen during routine development or after package restoration on a continuous integration runner. That makes the threat particularly dangerous for teams whose build systems hold deployment credentials, source-code access tokens and cloud secrets.

The malware seeks browser credentials, SSH private keys, cryptocurrency wallet data, Outlook profiles, Steam session files and selected local documents. Its collection logic covers 12 web browsers, eight desktop cryptocurrency wallets and five browser wallet extensions. Files from common user directories such as Desktop, Documents and Downloads are also targeted, expanding the impact beyond application secrets to personal and enterprise data stored on developer machines.

One documented version wave, 2.1.55, was pushed across all five packages on 14 April 2026 in a scripted burst lasting less than 13 seconds. That timing pattern points to automation rather than manual publication and suggests the operator had a repeatable process for releasing synchronised package updates. When scrutiny increased, newer versions replaced older builds, complicating hash-based detection and incident reconstruction.

The command-and-control infrastructure tied to the campaign includes the domain dns-providersa2.com, registered on 12 March 2026. Stolen data was configured for exfiltration to attacker-controlled infrastructure, creating risks beyond immediate account compromise. SSH keys can enable access to private repositories and servers, browser sessions may bypass password-only controls, and wallet theft can result in irreversible financial loss.

NuGet remains central to the .NET ecosystem, allowing developers to pull code rapidly into applications, services and internal tools. That convenience has also made public package repositories attractive to attackers seeking high-value access through the software supply chain. Unlike phishing, a malicious package can enter an organisation through routine development workflows and execute inside trusted environments.

The focus on Chinese-language and Chinese-hosted development patterns shows how threat actors are refining their targeting. Rather than relying only on obvious typosquatting of globally known libraries, this campaign used names that appear credible in a narrower ecosystem. Infrastructure-style package names such as IR.Infrastructure.Core and IR.Infrastructure.DataService.Core are especially difficult to judge because many companies use similar naming conventions for internal frameworks.

The attack also underscores the weakness of relying solely on package popularity, visible version listings or familiar naming. A download count can be artificially inflated by repeated version rotation, and an unlisted package can still be installed if it remains available through direct dependency resolution. Developers who pin versions without inspecting provenance may continue pulling compromised builds even after visible package pages change.

Security teams are being urged to audit NuGet dependency histories, including transitive dependencies, not only top-level references. Systems that installed the five packages should be treated as potentially exposed, with browser credentials, SSH keys, package registry tokens, cloud access keys and cryptocurrency wallet material rotated or revoked where applicable. CI/CD runners require particular attention because they may store signing keys, deployment tokens and secrets with broader privileges than ordinary developer accounts.
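The audit steps described in this article (checking lock files for the five package IDs, including transitive references; spotting a version history that is mostly unlisted; and recognising a scripted publishing burst like the 2.1.55 wave) can be turned into a small defender-side script. The following is an added example, not code from the article or from any of the researchers it cites. It assumes the NuGet packages.lock.json layout (a "dependencies" map keyed by target framework, each entry carrying "type" and "resolved") and registration-style entries with "id", "version", "listed" and "published" fields; the lock file and registration entries embedded below are constructed sample data, not real captures.

```python
"""Defender-side NuGet audit helpers (added example; assumptions noted inline)."""
import json
from datetime import datetime

# Package IDs named in the article. NuGet IDs are case-insensitive, so matching
# is done on lower-cased forms.
FLAGGED_IDS = {
    "IR.DantUI",
    "IR.OscarUI",
    "IR.Infrastructure.Core",
    "IR.Infrastructure.DataService.Core",
    "IR.iplus32",
}


def find_flagged(lock_text, flagged=FLAGGED_IDS):
    """Scan a packages.lock.json document (assumed layout: dependencies ->
    target framework -> package id -> {type, resolved, ...}) and return every
    entry whose ID is on the blocklist, whether Direct or Transitive."""
    lock = json.loads(lock_text)
    wanted = {p.lower() for p in flagged}
    hits = []
    for tfm, deps in lock.get("dependencies", {}).items():
        for pkg_id, info in deps.items():
            if pkg_id.lower() in wanted:
                hits.append((pkg_id, info.get("resolved"), info.get("type"), tfm))
    return hits


def listing_summary(entries):
    """Return (total_versions, unlisted_versions) for registration-style
    entries. A large version count with most versions unlisted is the
    hiding pattern the article describes (219 of 224 unlisted)."""
    total = len(entries)
    unlisted = sum(1 for e in entries if e.get("listed") is False)
    return total, unlisted


def publish_bursts(entries, window_seconds=13, min_count=3):
    """Group releases whose 'published' timestamps each fall within
    window_seconds of the previous one; return bursts of at least min_count
    as lists of "id version" strings. Synchronised bursts across several
    packages point to scripted rather than manual publication."""
    stamped = sorted(
        (datetime.fromisoformat(e["published"].replace("Z", "+00:00")),
         f'{e["id"]} {e["version"]}')
        for e in entries if e.get("published")
    )
    bursts, current = [], []
    for ts, label in stamped:
        if current and (ts - current[-1][0]).total_seconds() > window_seconds:
            if len(current) >= min_count:
                bursts.append([lbl for _, lbl in current])
            current = []
        current.append((ts, label))
    if len(current) >= min_count:
        bursts.append([lbl for _, lbl in current])
    return bursts


# Constructed sample lock file: one flagged direct reference and one flagged
# transitive reference hidden behind a legitimate-looking top-level package.
SAMPLE_LOCK = json.dumps({
    "version": 1,
    "dependencies": {
        "net8.0": {
            "Newtonsoft.Json": {"type": "Direct", "requested": "[13.0.3, )",
                                "resolved": "13.0.3", "contentHash": "constructed"},
            "IR.Infrastructure.Core": {"type": "Direct", "requested": "[2.1.55, )",
                                       "resolved": "2.1.55", "contentHash": "constructed"},
            "ir.dantui": {"type": "Transitive", "resolved": "2.1.55",
                          "contentHash": "constructed"},
        }
    },
})

# Constructed registration-style entries: two older unlisted builds, then the
# 2.1.55 wave pushed across all five packages inside a 13-second window.
SAMPLE_ENTRIES = [
    {"id": "IR.DantUI", "version": "2.1.54", "listed": False, "published": "2026-04-01T08:00:00Z"},
    {"id": "IR.OscarUI", "version": "2.1.54", "listed": False, "published": "2026-04-01T08:00:03Z"},
    {"id": "IR.DantUI", "version": "2.1.55", "listed": True, "published": "2026-04-14T09:00:00Z"},
    {"id": "IR.OscarUI", "version": "2.1.55", "listed": True, "published": "2026-04-14T09:00:04Z"},
    {"id": "IR.Infrastructure.Core", "version": "2.1.55", "listed": True, "published": "2026-04-14T09:00:08Z"},
    {"id": "IR.Infrastructure.DataService.Core", "version": "2.1.55", "listed": False, "published": "2026-04-14T09:00:11Z"},
    {"id": "IR.iplus32", "version": "2.1.55", "listed": False, "published": "2026-04-14T09:00:12Z"},
]

if __name__ == "__main__":
    for hit in find_flagged(SAMPLE_LOCK):
        print("flagged dependency:", hit)
    print("versions (total, unlisted):", listing_summary(SAMPLE_ENTRIES))
    for burst in publish_bursts(SAMPLE_ENTRIES):
        print("synchronised publish burst:", burst)
```

Run it against a real project by reading packages.lock.json from disk in place of SAMPLE_LOCK; lock files must be enabled for the project (they are not produced by default) for the transitive entries to be present. The blocklist and burst thresholds are deliberately simple so they can be replaced with an internal allowlist of approved package prefixes, which is the better long-term control against look-alike infrastructure names.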



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.