Malicious NuGet Packages Target ASP.NET Developers Stealing Credentials Through JIT Hooks

Four malicious NuGet packages attack ASP.NET developers deploying credential-stealing backdoors. NCryptYo, DOMOAuth2_, IRAOAuth2.0, SimpleWriter_ racked up 4,500+ downloads since August 2024. JIT compiler hijacking and localhost proxies evade detection completely. Hamzazaheer published typosquatted packages mimicking legitimate cryptography, OAuth libraries. NCryptYo impersonates Windows CNG provider with identical DLL namespace. Static constructor fires on assembly load creating hidden proxy tunnel […]

The post Malicious NuGet Packages Target ASP.NET Developers Stealing Credentials Through JIT Hooks appeared first on VPN Central.