NuGet Supply Chain Attack Targets Ethereum Wallets
A malicious package impersonating the popular Nethereum Ethereum library was discovered on NuGet, the .NET software registry.
The package used a visually similar name (Netherеum.All) to appear legitimate and faked its download count to over 11 million.
An inflated download count makes a package appear widely used and trusted, so developers are less likely to scrutinize it before installing.
The package's code was built to scan for and exfiltrate credentials.
During development, keys or mnemonics are often stored in configuration files or environment variables for testing, and the malware was designed to find that data and send it to an attacker's server.
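A defensive check for the look-alike naming described above, as an added example that is not from the source article or the Nethereum project: it scans a project file's PackageReference IDs for non-ASCII characters and reports which trusted ID each one imitates. The name printed above contains U+0435 in place of a Latin "e"; the trusted-ID list, the partial look-alike map, the SDK-style (namespace-free) project file and its version numbers are assumptions constructed for the example.

```python
import unicodedata
import xml.etree.ElementTree as ET

# Partial Cyrillic-to-Latin look-alike map (assumption: illustrative only,
# not the full Unicode confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i"}

# Package IDs the project intends to depend on (assumption for this example).
TRUSTED_IDS = {"Nethereum.All", "Newtonsoft.Json"}

# Constructed project file; the second reference spells the ID with U+0435.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="Nether\u0435um.All" Version="1.0.0" />
  </ItemGroup>
</Project>"""

def skeleton(package_id):
    """Fold known look-alikes to ASCII and lowercase (NuGet IDs are case-insensitive)."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in package_id).lower()

def audit_package_ids(csproj_text, trusted=TRUSTED_IDS):
    """Return one finding per PackageReference whose ID contains non-ASCII characters."""
    trusted_by_skeleton = {skeleton(t): t for t in trusted}
    findings = []
    for ref in ET.fromstring(csproj_text).iter("PackageReference"):
        pkg = ref.get("Include") or ""
        odd = [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
               for i, c in enumerate(pkg) if ord(c) > 127]
        if not odd:
            continue
        findings.append({
            "id": pkg,
            # ASCII-escaped form makes the substitution visible in logs.
            "escaped": pkg.encode("unicode_escape").decode("ascii"),
            "non_ascii": odd,
            # Trusted ID this name would be mistaken for, if any.
            "imitates": trusted_by_skeleton.get(skeleton(pkg)),
        })
    return findings

if __name__ == "__main__":
    for f in audit_package_ids(SAMPLE_CSPROJ):
        print(f["escaped"], "imitates", f["imitates"], f["non_ascii"])
```

Run as a pre-restore or CI step, a non-empty result is grounds to fail the build before the package is ever downloaded.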
Source: https://thehackernews.com/2025/10/fake-nethereum-nuget-package-used.html