Critical Infrastructure Security, Malware

Industrial systems targeted by suspicious NuGet package

The new, suspicious SqzrFramework480 NuGet package, which appears to target developers using tools from Chinese industrial firm Bozhon Precision Industry Technology Co., could potentially facilitate industrial cyberespionage, according to The Hacker News.

SqzrFramework480, which has amassed almost 3,000 downloads since being uploaded in late January, enables screenshot capturing, remote IP address pinging, and screenshot transmission to IP-connected sockets, a report from ReversingLabs revealed. ReversingLabs researcher Petar Kirhmajer called these features concerning, noting that sockets have previously been exploited in data exfiltration operations.

Organizations have been urged to be more vigilant about libraries in open-source repositories amid the emergence of the suspicious package, which highlights the complexity of supply chain threats.

"Open-source repositories like NuGet are increasingly hosting suspicious and malicious packages designed to attract developers and trick them into downloading and incorporating malicious libraries and other modules into their development pipelines," said Kirhmajer.
