
Malicious NuGet Package Targets Stripe Developers

Infosecurity Magazine, 25/02/2026, 13:00

Summary

AI-Generated

Key Points:

  • A malicious NuGet package named StripeApi.Net has been discovered, designed to impersonate the legitimate Stripe.net library, targeting developers in the financial sector.
  • The package, which had over 180,000 downloads, contained modified code that captured API tokens upon initialization and transmitted them to an attacker-controlled Supabase database. However, no actual tokens were found in the database after investigation.
  • Developers are advised to exercise caution when using third-party packages and to verify authenticity to mitigate risks associated with typosquatting and compromised libraries.

Technical Details: The malicious package utilized typosquatting techniques to deceive developers into installing it, mimicking the legitimate Stripe library closely. Critical methods were altered to exfiltrate sensitive API keys.
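One way to act on the verification advice above is to audit project files for package IDs that sit off an approved list but closely resemble an approved name, as StripeApi.Net resembles Stripe.net. This is an added example, not code from the article or from Stripe; the allowlist, the similarity threshold and the sample project file are assumptions constructed for illustration.

```python
import difflib
import re
import xml.etree.ElementTree as ET

# Assumption: a team-maintained allowlist of vetted NuGet package IDs.
APPROVED = {"Stripe.net", "Newtonsoft.Json", "Serilog"}

# Constructed sample project file (not taken from the article).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="StripeApi.Net" Version="1.0.0" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="Dapper" Version="2.1.35" />
  </ItemGroup>
</Project>"""


def squash(package_id):
    """Lowercase and drop separators so 'StripeApi.Net' becomes 'stripeapinet'."""
    return re.sub(r"[^a-z0-9]", "", package_id.lower())


def package_ids(csproj_text):
    """Return the package IDs referenced by a .csproj document."""
    ids = []
    for element in ET.fromstring(csproj_text).iter():
        # Legacy project files carry an XML namespace; strip it from the tag.
        if element.tag.rsplit("}", 1)[-1] == "PackageReference":
            package_id = element.get("Include") or element.get("Update")
            if package_id:
                ids.append(package_id)
    return ids


def audit(csproj_text, approved=APPROVED, threshold=0.8):
    """Flag references that are off the allowlist; mark near-matches as lookalikes."""
    approved_lower = {name.lower() for name in approved}  # NuGet IDs are case-insensitive
    findings = []
    for package_id in package_ids(csproj_text):
        if package_id.lower() in approved_lower:
            continue
        scored = [(difflib.SequenceMatcher(None, squash(package_id), squash(name)).ratio(), name)
                  for name in approved]
        score, closest = max(scored)
        if score >= threshold:
            findings.append((package_id, "lookalike", closest))
        else:
            findings.append((package_id, "unapproved", None))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CSPROJ):
        print(finding)
```

A "lookalike" finding is a prompt to check the package's publisher and source repository before the build restores it; "unapproved" only means the ID has not been vetted yet.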

MITRE ATT&CK Techniques:

  • None mentioned

IOCs Mentioned:

  • None mentioned
