Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
Briefly

"According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and November 2028. The packages were collectively downloaded 9,488 times. "The most dangerous package, Sharp7Extend, targets industrial PLCs with dual sabotage mechanisms: immediate random process termination and silent write failures that begin 30-90 minutes after installation, affecting safety-critical systems in manufacturing environments," security researcher Kush Pandya said."
"Socket said all nine rogue packages work as advertised, allowing the threat actors to build trust among downstream developers who may end up downloading them without realizing they come embedded with a logic bomb inside that's scheduled to detonate in the future. The threat actor has been found to publish a total of 12 packages, with the remaining three working as intended without any malicious functionality."
Nine malicious NuGet packages published in 2023 and 2024 by a user named "shanhai666" contained time-delayed payloads designed to execute on trigger dates in August 2027 and November 2028. The packages were downloaded 9,488 times. Sharp7Extend specifically targets users of the Sharp7 library for Siemens S7 PLCs and implements dual sabotage: immediate random process termination and silent write failures beginning 30–90 minutes after installation, risking safety-critical manufacturing systems. The threat actor published 12 packages in total, nine of which were malicious; all identified malicious packages have been removed from NuGet.
Read at The Hacker News