Popular NuGet Package “Moq” Silently Exfiltrates User Data to Cloud Service
Malware Analysis, News and Indicators - Latest topics malware.news
The highly popular NuGet package Moq, with 475M+ total downloads, released new versions 4.20.0 and 4.20.1 on August 8th with a new sub-dependency containing hidden executable code that reads the user’s local git config, extracts the developer’s email address, hashes it, and sends it to a cloud service.
This incident was reported yesterday by Reddit user u/DinglDanglBob and also reported on the project’s GitHub page as an issue.
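A check a team could run over a source tree to find projects pinned to the two releases named above. This is an added example, not code from the article or the Moq project; the file patterns and function names are assumptions, and it matches exact version pins only (ranges and floating versions are not resolved).

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Versions the article names as shipping the new sub-dependency.
AFFECTED = {"4.20.0", "4.20.1"}
PROJECT_GLOBS = ("*.csproj", "*.fsproj", "*.vbproj", "*.props", "packages.config")

def _local(tag):
    """Strip an XML namespace so old-style MSBuild files parse the same way."""
    return tag.rsplit("}", 1)[-1]

def moq_versions(xml_text):
    """Return every Moq version string referenced in one project/packages file."""
    found = []
    for el in ET.fromstring(xml_text).iter():
        name = _local(el.tag)
        if name in ("PackageReference", "PackageVersion"):
            pkg = el.get("Include") or el.get("Update") or ""
            # Version may be an attribute or a child <Version> element.
            ver = el.get("Version") or next(
                (c.text for c in el if _local(c.tag) == "Version"), None)
        elif name == "package":  # packages.config format
            pkg, ver = el.get("id") or "", el.get("version")
        else:
            continue
        if pkg.lower() == "moq" and ver:
            found.append(ver.strip())
    return found

def is_affected(version):
    """True for an exact pin such as 4.20.0 or [4.20.1]."""
    return version.strip("[]") in AFFECTED

def scan(root_dir):
    """Yield (path, version) for each affected Moq reference under root_dir."""
    for pattern in PROJECT_GLOBS:
        for path in Path(root_dir).rglob(pattern):
            try:
                versions = moq_versions(path.read_text(encoding="utf-8-sig"))
            except (ET.ParseError, OSError, UnicodeDecodeError):
                continue  # unreadable or non-XML file: skip it
            yield from ((str(path), v) for v in versions if is_affected(v))

if __name__ == "__main__":
    hits = list(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
    for path, v in hits:
        print(f"{path}: Moq {v}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when a match is found, so it can gate a CI job; transitive references would need the restore output or lock files checked as well.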
About Moq
Moq is a highly popular …