Sicoob.Sdk NuGet impersonator exfiltrates Brazilian banking PFX certificates and passwords via Sentry telemetry abuse
Sicoob.Sdk 2.0.0–2.0.4 (published to NuGet between 2026-05-05 and 2026-05-06 by an account also named sicoob) posed as the official C# SDK for Brazilian credit cooperative Sicoob. When a developer constructed SicoobClient with a client ID, PFX path and PFX password, the embedded Sicoob.Sdk.dll base64-encoded the PFX file and POSTed it together with the client ID and plaintext PFX password to an attacker-controlled Sentry endpoint. NuGet blocked the package after Socket disclosure on 2026-05-29.
- Detected by
- Socket
- Ecosystems
- NuGet
- Packages tracked
- 1
What happened
Socket published an analysis on 2026-05-29 of Sicoob.Sdk, a malicious NuGet package that impersonated the official C# SDK for Sicoob (Sistema de Cooperativas de Crédito do Brasil), a major Brazilian credit-cooperative network whose API issues boletos and supports cooperative banking integrations. The package was published by an account also named sicoob and ran on NuGet from 2026-05-05 (2.0.0) through 2026-05-06 (2.0.4) — six versions in total, 484 cumulative downloads per Socket.
The attack is a classic source-vs-binary split. The GitHub repository that the NuGet listing pointed at contained a clean (or partially clean) C# project that would compile to a benign-looking SDK. The actual lib/net8.0/Sicoob.Sdk.dll shipped in the NuGet artifact was different: it added a Sentry SDK initialization, a hardcoded attacker Sentry DSN, and exfiltration logic in the SicoobClient constructor.
When a developer wrote new SicoobClient(clientId, pfxPath, pfxPassword) — the entry point documented in the README — the malicious DLL:
- Read the PFX file from disk and base64-encoded its contents.
- Wrapped the base64 PFX, the supplied client ID, and the plaintext PFX password in a Sentry message capture.
- Sent the capture to the hardcoded attacker Sentry endpoint via the standard Sentry HTTPS transport.
- Continued normal SDK operation, additionally capturing raw boleto API responses on each call.
Because the exfiltration rides on real Sentry SDK HTTPS traffic to a real Sentry-cloud-style hostname, naïve egress monitoring sees benign error telemetry. The use of lib/net8.0/Sicoob.Sdk.dll — a real, importable assembly — also means dotnet restore / build silently consumed the malicious binary without source-level review having any chance to catch it.
- Detection: Socket AI Scanner flagged all six versions (2.0.0–2.0.4) as malware after spotting credential and certificate exfiltration in the bundled DLL.
- Remediation: NuGet hard-deleted the package after an abuse report; the
nuget.org/packages/Sicoob.Sdk/2.0.4page now serves a "deleted from the gallery" notice. No GHSA advisory has been published yet (as of 2026-05-31 ingest). - Targeting is regional and high-value: Sicoob is a real Brazilian cooperative-bank brand and the SDK is the kind a Brazilian fintech integrator would search for on NuGet by exact name. Volume (484 downloads) is small but the value-per-compromise is very high — PFX + client ID + password = full Sicoob API impersonation.
- Tradecraft note: legitimate-telemetry abuse (Sentry, GA, Datadog) for exfiltration is rising as a way to bypass blocklist-based egress controls — affected orgs should add hardcoded third-party SaaS DSNs in dependencies to their software-bill-of-materials review checklist.
Affected packages (1)
- NuGet
Sicoob.Sdk2.0.02.0.12.0.22.0.32.0.4
Impact
- PFX certificate file contents (base64) and the plaintext PFX password exfiltrated to a hardcoded third-party Sentry endpoint on every
SicoobClientinstantiation - Sicoob client IDs and raw boleto API responses also captured — sufficient to issue boletos and authenticate to Sicoob bank APIs as the victim
- Source-repo facade: the visible GitHub source did NOT contain the Sentry initialization or exfiltration logic — only the compiled
lib/net8.0/Sicoob.Sdk.dllin the NuGet artifact was malicious, so source review at integration time would have looked clean - Six versions (484 cumulative downloads recorded by Socket) reached production .NET integrations against Sicoob in the ~3 weeks the package was live
What to do
- 1Remove
Sicoob.Sdk2.0.0 through 2.0.4 from any .NET project, lockfile, or build cache; the package is hard-deleted from NuGet but binaries may persist in offline caches - 2Treat all PFX certificate files and passwords used with
SicoobClientduring the exposure window as compromised — replace the certificates with Sicoob and rotate the PFX passwords - 3Disable or rotate Sicoob client IDs used during the exposure window and audit Sicoob API access logs for boleto issuance or authentication attempts from unfamiliar source IPs
- 4Egress-monitor
.NETbuild agents and production hosts for outbound traffic to attacker Sentry endpoints; the malicious code only fires onSicoobClientinstantiation, so static review of imports alone is not sufficient - 5For .NET supply chain hardening: prefer NuGet package signing and publisher verification, and treat any first-party SDK distributed only through NuGet (with no signed release pipeline) as low-trust