Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords
Blog post from Socket
Sicoob.Sdk versions 2.0.0 through 2.0.4, published on NuGet as an official C# SDK for Sicoob API integrations, were built to exfiltrate banking credentials, including client IDs and PFX passwords, to a third-party Sentry endpoint. The linked GitHub repository showed clean source, but the NuGet artifact carried exfiltration logic that was not present in that visible source, so reviewing the repository alone would not have revealed it. The package was part of an impersonation effort: it was presented under Sicoob branding and tied to a GitHub organization, Sicoob-Cooperativa, that is unverified and has no official confirmation from Sicoob. With the stolen client IDs and PFX passwords an attacker could impersonate Sicoob's API clients, threatening account integrity and exposing sensitive financial data. The activity was reported and NuGet blocked the package; the case underlines the need to verify developer tooling and to check the published artifact itself against its claimed source rather than trusting the repository it points to.
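The practical check this case calls for is to inspect the published .nupkg rather than the repository it claims to come from. The scanner below is an added example, not code from Socket or from the package it describes: it unpacks a .nupkg (a zip archive), reads the nuspec id, version and repository URL, and searches every bundled file for Sentry-style DSNs, decoding the UTF-16LE form in which the .NET compiler stores string literals so that a DSN compiled into an assembly is not missed by an ASCII grep. The sample package, its repository owner, the trusted-owner set and the DSN are constructed for the example; the DSN regex and the sentry.io host check are heuristics, stated as assumptions in the code.

```python
"""Scan a NuGet .nupkg for nuspec metadata and embedded Sentry DSNs (added example)."""
from __future__ import annotations

import io
import re
import zipfile
from urllib.parse import urlparse
from xml.etree import ElementTree as ET

# A Sentry DSN has the shape https://<public_key>@<host>/<project_id>. The key length
# and host pattern are heuristics (assumption): hosted Sentry uses *.ingest.sentry.io,
# self-hosted instances use arbitrary hosts, so we match the shape and report the host.
DSN_RE = re.compile(r"https?://[0-9a-f]{16,64}@[A-Za-z0-9.-]+/\d+", re.I)


def _local(tag: str) -> str:
    """Strip the XML namespace nuspec files carry, e.g. {...nuspec.xsd}id -> id."""
    return tag.rsplit("}", 1)[-1]


def _text_views(blob: bytes):
    """Yield the blob as Latin-1 text and as UTF-16LE at both byte alignments.
    .NET assemblies keep string literals in the #US heap as UTF-16LE, so an
    ASCII-only search would miss a DSN compiled into a C# class."""
    yield blob.decode("latin-1")
    yield blob.decode("utf-16-le", errors="ignore")
    yield blob[1:].decode("utf-16-le", errors="ignore")


def scan_nupkg(data: bytes) -> dict:
    """Unpack a .nupkg (a zip) and return nuspec facts plus any DSN found in the payload."""
    report = {"id": None, "version": None, "repository_url": None, "files": [], "dsns": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            report["files"].append(name)
            if name.endswith(".nuspec"):
                for el in ET.fromstring(blob).iter():
                    tag = _local(el.tag)
                    if tag == "id":
                        report["id"] = (el.text or "").strip()
                    elif tag == "version":
                        report["version"] = (el.text or "").strip()
                    elif tag == "repository":
                        report["repository_url"] = el.get("url")
                continue
            seen: set[str] = set()
            for view in _text_views(blob):
                for dsn in DSN_RE.findall(view):
                    if dsn not in seen:  # the same literal may appear in several views
                        seen.add(dsn)
                        report["dsns"].append((name, dsn))
    return report


def assess(report: dict, trusted_repo_owners: set[str]) -> list[str]:
    """Turn a scan report into findings: unverified repository owner, embedded telemetry DSNs.
    The caller supplies the owners it has verified out of band (e.g. the vendor's real org)."""
    findings: list[str] = []
    url = report.get("repository_url")
    if not url:
        findings.append("nuspec carries no <repository url>; artifact cannot be tied to any source")
    else:
        owner = urlparse(url).path.strip("/").split("/")[0]
        if owner.lower() not in {o.lower() for o in trusted_repo_owners}:
            findings.append(f"repository owner {owner!r} is not in the verified set ({url})")
    for entry, dsn in report["dsns"]:
        host = urlparse(dsn).hostname or ""
        kind = "hosted Sentry DSN" if host.endswith("sentry.io") else "DSN-shaped endpoint"
        findings.append(f"{entry}: embedded {kind} {dsn}")
    return findings


def build_sample_nupkg() -> bytes:
    """Constructed sample, not the real Sicoob.Sdk: a clean-looking nuspec that points at an
    unverified GitHub owner, plus a fake assembly whose UTF-16LE string heap holds a DSN."""
    nuspec = (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">\n'
        "  <metadata>\n"
        "    <id>Example.Sdk</id>\n"
        "    <version>2.0.4</version>\n"
        "    <authors>Example Authors</authors>\n"
        "    <description>Constructed sample for the scanner.</description>\n"
        '    <repository type="git" url="https://github.com/Unverified-Org/Example.Sdk" />\n'
        "  </metadata>\n"
        "</package>\n"
    )
    dsn = "https://0123456789abcdef0123456789abcdef@o123456.ingest.sentry.io/7654321"  # constructed
    fake_dll = b"MZ" + b"\x00" * 62 + dsn.encode("utf-16-le") + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Example.Sdk.nuspec", nuspec)
        zf.writestr("lib/net8.0/Example.Sdk.dll", fake_dll)
    return buf.getvalue()


if __name__ == "__main__":
    rep = scan_nupkg(build_sample_nupkg())
    print(f"{rep['id']} {rep['version']} repo={rep['repository_url']}")
    for line in assess(rep, trusted_repo_owners={"example-trusted-org"}):  # hypothetical owner
        print("FINDING:", line)
```

A DSN found in the binary is only half the evidence; the other half is confirming it is absent from the repository the nuspec points to (grep the tagged commit, or rebuild from it and compare the assemblies). A telemetry endpoint present in the shipped artifact but nowhere in the published source is exactly the artifact-versus-source gap this case turned on.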