Cryptocurrency Developers Targeted by NuGet Supply Chain Attack

Socket’s Threat Research Team discovered a sophisticated supply chain attack on the NuGet package registry targeting cryptocurrency developers. The malicious package, Netherеum.All, used a homoglyph, a Cyrillic 'e' in place of the Latin one, to impersonate the legitimate Nethereum library. The package exfiltrated sensitive wallet data, including private keys and mnemonics. The attack relied on NuGet’s permissive Unicode naming rules, which do not restrict identifiers to ASCII characters. The malicious package was published on October 16, 2025, and removed by NuGet on October 20, 2025. The attackers also inflated download counts to make the package appear legitimate. Researchers linked this attack to an earlier typosquat named NethereumNet, indicating a persistent threat.
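Because the lookalike ID renders identically to the real one, a dependency check has to work on code points rather than on what a reviewer sees. The following is an added example, not code from Socket or NuGet: it audits `PackageReference` IDs in a project file for non-ASCII characters and reports which trusted prefix the ID imitates. The sample project file, the confusables subset, and the trusted-prefix list are all constructed assumptions.

```python
import unicodedata
import xml.etree.ElementTree as ET

# Constructed sample project file; the second ID contains U+0435 (Cyrillic 'е').
# Versions are placeholders.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Nethereum.Web3" Version="0.0.0" />
    <PackageReference Include="Nether\u0435um.All" Version="0.0.0" />
    <PackageReference Include="Newtonsoft.Json" Version="0.0.0" />
  </ItemGroup>
</Project>"""

# Assumed subset of Cyrillic-to-Latin lookalikes; a production check would
# use the full Unicode confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u0458": "j",
}

def skeleton(pkg_id):
    """Fold known lookalikes to ASCII and lowercase (NuGet IDs are case-insensitive)."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in pkg_id).lower()

def non_ascii_chars(pkg_id):
    """Return (index, code point, Unicode name) for each non-ASCII character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(pkg_id) if ord(ch) > 127]

def audit(csproj_text, trusted_prefixes):
    """Flag PackageReference IDs containing non-ASCII characters."""
    findings = []
    for el in ET.fromstring(csproj_text).iter():
        # Strip any XML namespace so old-style project files are covered too.
        if el.tag.rsplit("}", 1)[-1] != "PackageReference":
            continue
        pkg_id = el.get("Include", "")
        odd = non_ascii_chars(pkg_id)
        if odd:
            folded = skeleton(pkg_id)
            target = next((p for p in trusted_prefixes
                           if folded.startswith(p.lower())), None)
            findings.append({"id": pkg_id, "chars": odd, "impersonates": target})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CSPROJ, ["Nethereum", "Newtonsoft"]):
        print(f"{f['id']!r}: {f['chars']} imitates {f['impersonates']}")
```

A finding with a non-empty `impersonates` value is the case described above; a non-ASCII ID with no match still deserves manual review.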

Latest mentioned: 10-24
Earliest mentioned: 10-22