{ "title": "Sicoob.Sdk NuGet Certificate Exfiltration", "summary": "Malicious Sicoob.Sdk NuGet releases impersonated a banking SDK and exfiltrated Sicoob client IDs, PFX passwords, and base64-encoded PFX certificate archives through a hardcoded Sentry endpoint.", "date": "2026-05-28", "severity": "critical", "tags": [ "nuget", "dotnet", "package-impersonation", "certificate-theft", "credential-theft", "financial-services" ], "sources_count": 6, "indicators": { "slug": "sicoob-sdk-nuget-certificate-exfiltration", "since": "2026-05-28T00:00:00Z", "until": "2026-05-28T23:59:59Z", "ecosystem": "nuget, .net nuget", "cves": [], "cwes": [], "advisoryIds": [], "products": [], "packages": [ "Sicoob.Sdk", "Sicoob.Sdk@2.0.0", "Sicoob.Sdk@2.0.1", "Sicoob.Sdk@2.0.2", "Sicoob.Sdk@2.0.3", "Sicoob.Sdk@2.0.4" ], "versions": [ "2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.0.4" ], "affectedVersions": [], "fixedVersions": [], "files": [ "lib/net8.0/Sicoob.Sdk.dll" ], "paths": [], "services": [], "domains": [ "o4511335034847232.ingest.de.sentry.io", "Sicoob.Sdk.dll" ], "urls": [ "https://d565e3f03d0b1a7c8935d7ff94237316@o4511335034847232.ingest.de.sentry.io/4511337546317904" ], "ips": [], "hashes": [ "7d2332e76c266509cdec8b552ccc839f50c28e6b01070071257bd3f57d1d9da2", "f0dff53969080584560b2971411415bdf9064d5a5a50185c4ae018943e7d5cbe", "94eb8da6703dd073184015c9e3cb34e9b6153fc499c9cb1a7db6e4361ec349dd", "ac9dc55f13d973e05865e9674c8b8e6744e7fbfca3355199b292f614f13ac7bc", "190dbcafa776e8cc221106414b8fbd68252d98438c5e46b8449788fbe70316a4", "d565e3f03d0b1a7c8935d7ff94237316" ], "processPatterns": [], "networkPatterns": [], "telemetrySelectors": [ "PackageReference Include=\\\"Sicoob.Sdk\\\"", "dotnet add package Sicoob.Sdk", "new SicoobClient(", "cliend_id", "pass", "Boleto", "SentrySdk", "CaptureMessage", "ReadAllBytes", "ToBase64String" ] } }