Analyzing Impala Stealer – Payload of the first NuGet attack campaign In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted .NET …
Update 2023-03-21 – We’ve talked with members of the NuGet team and they had already detected and removed the malicious packages in question. Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the …
We’ve got great news for .NET developers – JFrog Artifactory can now act as your fully featured Symbol Server! Artifactory has long offered native support for NuGet packages, now developers can also store their symbol files in Artifactory where they can be indexed and consumed by the Visual Studio Debugger and other debugging tools. What …
1. If you are using several technologies, (e.g. Nuget, Maven, NPM, PyPi etc..) define a unique repository for each of them. By doing that you are making sure that all of the build requests are directed to the right place rather than going to a repository that may not even have the necessary packages. 2. …
The problem of dependency management is neither new nor original, it exists in all development platforms, and .NET is no different. Let’s go through different solutions and see how they perform. I’ll list them here in no particular order. Keeping dependencies in your source control That’s a very popular solution, and for a reason. The …
