Threat Intelligence Report

5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer

📅 May 7, 2026 📰 socket.dev 🔍 0 CVE(s) referenced

Five malicious NuGet packages masquerading as Chinese .NET libraries have infected nearly 65,000 developer environments with a sophisticated infostealer that exfiltrates browser credentials, cryptocurrency wallets, SSH keys, and sensitive files to attacker-controlled infrastructure.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle