Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
23.10.2025
2545
Malicious NuGet package mimicking Nethereum stole crypto wallet keys using homoglyph tricks and fake downloads.
🚨 SUPPLY CHAIN ATTACK ALERT: Fake Nethereum Package Stealing Crypto Keys
A malicious NuGet package impersonating the legitimate Nethereum library has been caught using homoglyph tricks to steal cryptocurrency wallet keys in a sophisticated supply chain attack.
The fake package used character substitution and visual deception to appear identical to the real Nethereum package, tricking developers into installing malware that exfiltrates sensitive wallet credentials and private keys.
Security researchers discovered the package actively distributing malware through the NuGet package manager, targeting developers working with Ethereum and cryptocurrency applications.
The attack demonstrates how homoglyph attacks—using characters that look identical but have different Unicode values—can bypass visual inspection and automated security checks in package repositories.
Once installed, the malicious package executes code that scans for cryptocurrency wallet files, extracts private keys and seed phrases, and transmits them to attacker-controlled servers.
- • Uses homoglyph characters to impersonate legitimate Nethereum package
- • Distributes malware through NuGet package manager
- • Targets cryptocurrency wallet keys and credentials
- • Exfiltrates sensitive data to remote servers
- • Bypasses visual inspection through character substitution
This incident highlights the growing sophistication of supply chain attacks targeting open-source ecosystems, where attackers exploit trust in popular libraries and package managers.
Security teams are urging developers to verify package authenticity through cryptographic signatures and to implement additional verification steps before installing dependencies in production environments.
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
