Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Summary
Researchers have discovered four malicious NuGet packages that steal ASP.NET Identity data from web application developers. The packages also manipulate authorization rules to establish backdoors in compromised applications, highlighting risks associated with supply chain attacks targeting developers.
IFF Assessment
The malicious NuGet packages represent a threat to developers and their applications, potentially leading to data theft and unauthorized access.
Defender Context
Developers should carefully vet their dependencies and monitor for suspicious activity in their ASP.NET applications, especially related to identity and authorization configurations. Supply chain attacks targeting package managers are an increasing threat, requiring robust dependency management and security scanning practices.
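One way to start vetting NuGet dependencies, shown as an added example that is not from the original report: the script flags package references that are outside a reviewed allowlist or that use a floating version, which lets a newly published release be resolved without review. The project file, package names and allowlist below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample project file; the "Example.*" package names are made up.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.0" />
    <PackageReference Include="Example.Identity.Helpers" Version="1.*" />
    <PackageReference Include="Newtonsoft.Json">
      <Version>13.0.3</Version>
    </PackageReference>
    <PackageReference Include="Example.Unreviewed.Logging" />
  </ItemGroup>
</Project>"""

# Hypothetical allowlist of reviewed package IDs, lowercased because
# NuGet package IDs are case-insensitive.
APPROVED = {
    "microsoft.aspnetcore.identity.entityframeworkcore",
    "newtonsoft.json",
    "example.identity.helpers",
}

def local_name(tag):
    """Strip an XML namespace prefix (old-style csproj files declare one)."""
    return tag.rsplit("}", 1)[-1]

def audit_csproj(xml_text, approved):
    """Return (package, finding) tuples for references that need review."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if local_name(el.tag) != "PackageReference":
            continue
        pkg = el.get("Include") or el.get("Update") or ""
        version = el.get("Version")
        if version is None:  # the version may be a child element instead
            child = next((c for c in el if local_name(c.tag) == "Version"), None)
            version = child.text.strip() if child is not None and child.text else None
        if pkg.lower() not in approved:
            findings.append((pkg, "not-reviewed"))
        if version is None:
            # May be set centrally in Directory.Packages.props; confirm it there.
            findings.append((pkg, "no-version"))
        elif "*" in version:
            findings.append((pkg, "floating-version"))
    return findings

if __name__ == "__main__":
    for pkg, finding in audit_csproj(SAMPLE_CSPROJ, APPROVED):
        print(f"{finding:18} {pkg}")
```

A check like this only covers direct references in one project file; transitive dependencies need the resolved package graph or a lock file.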