Company:
Date Published:
Author: Natan Nehorai, Application Security Researcher
Word count: 1915
Language: English
Hacker News points: None

Summary

In a recent security incident, the JFrog Security Research team discovered malicious packages targeting .NET developers via the NuGet repository, using typosquatting techniques to mimic legitimate packages. These packages, which were downloaded approximately 150,000 times before removal, contained a PowerShell script that executed upon installation, downloading a secondary payload capable of remote execution. Despite Microsoft's efforts to mitigate such risks by deprecating certain scripts, vulnerabilities remain due to the autorun capabilities of NuGet packages. The attack leveraged sophisticated methods, including impersonating legitimate package names and authors, to deceive users and facilitate the execution of malicious code. JFrog has responded by updating their Xray tool to detect these packages, underscoring the importance of vigilance and security practices throughout the software development lifecycle to safeguard against such threats.