Popular NuGet Package “Moq” Silently Exfiltrates User Data to Cloud Service | allinfosecnews.com

Aug. 9, 2023, 7:10 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

The highly popular NuGet package, Moq, with total downloads of 475M+, released a new versions 4.20.0 and 4.20.1 on August 8th with a new sub-dependency that has hidden executable code that reads the user’s local git config, extracting the developer’s email address, hashing it, and sending it to a cloud service.

This incident was reported yesterday by Reddit user u/DinglDanglBob and also reported on the project’s GitHub page as an issue.

About Moq

Moq is a highly popular …

address august cloud cloud service code data dependency developer downloads email git hashing hidden local nuget package popular service user data

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Mounting global ransomware attacks significantly impact US 36 minutes ago | malware.news

article attacks avril haines director +12

Media, think tank, service spoofing conducted in APT42 cyberespionage operations 36 minutes ago | malware.news

apt42 campaigns charming kitten cyberespionage +30

Old vulnerable D-Link routers subjected to novel Goldoon botnet attacks 36 minutes ago | malware.news

april article attacks botnet +13

Android apps targeted by new Dirty Stream attack 36 minutes ago | malware.news

android android apps apps arbitrary code +18

Details on 2021 Chemonics hack remain scant 36 minutes ago | malware.news

agency article compromised cyberattack +11

Data breach impacts Airsoft community site 36 minutes ago | malware.news

article breach cloud cloud storage +20

New AI security bill unveiled in Senate 36 minutes ago | malware.news

act ai act ai security article +15

Path traversal vulnerability elimination in software sought by feds 36 minutes ago | malware.news

agency article bleepingcomputer cybersecurity +17

Accelerated patching found with CISA KEV catalog-listed flaws 36 minutes ago | malware.news

agency article catalog cisa +24

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote

View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US

View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA

View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco

View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com