Malicious package campaign on NuGet abuses MSBuild integrations

siteadmin November 1, 2023

Attackers have begun using the inline tasks feature of MSBuild, a build tool, to execute malicious code from packages on NuGet Gallery, a repository for .NET packages. This is the first known instance of malware on NuGet exploiting this feature. The malware was part of a months-long typosquatting campaign in which hundreds of malicious packages have been uploaded to the repository since August. The attackers' tactics evolved over the course of the campaign.
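As an added example (not from the original article or from the NuGet project), a defender can screen a downloaded `.nupkg` for inline task declarations before it is restored into a build. The code assumes inline tasks are declared through MSBuild's documented `CodeTaskFactory` or `RoslynCodeTaskFactory` and that the package's MSBuild files sit under `build/`, `buildTransitive/` or `buildMultiTargeting/`; the function names and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# MSBuild factories that compile code embedded in a project file (inline tasks).
INLINE_FACTORIES = {"codetaskfactory", "roslyncodetaskfactory"}
# Package folders whose .props/.targets files NuGet imports into consuming projects.
BUILD_DIRS = ("build/", "buildtransitive/", "buildmultitargeting/")


def local(tag):
    """Strip the XML namespace, since MSBuild files may or may not declare one."""
    return tag.rsplit("}", 1)[-1]


def find_inline_tasks(nupkg_bytes):
    """Return (file, task name, factory) for every inline task in a .nupkg."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as pkg:
        for name in pkg.namelist():
            lower = name.lower()
            if not lower.startswith(BUILD_DIRS) or not lower.endswith((".props", ".targets")):
                continue
            try:
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                # A build file that will not parse deserves a manual look.
                findings.append((name, None, "unparseable"))
                continue
            for el in root.iter():
                factory = el.get("TaskFactory", "")
                if local(el.tag) == "UsingTask" and factory.lower() in INLINE_FACTORIES:
                    findings.append((name, el.get("TaskName"), factory))
    return findings


def sample_package():
    """Constructed sample: a benign package whose .targets declares an inline task."""
    targets = """<Project>
  <UsingTask TaskName="Hello" TaskFactory="RoslynCodeTaskFactory"
             AssemblyFile="$(RoslynCodeTaskFactory)">
    <Task><Code Type="Fragment" Language="cs">Log.LogMessage("hello");</Code></Task>
  </UsingTask>
</Project>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("build/Sample.Pkg.targets", targets)
        z.writestr("lib/net6.0/_._", "")
    return buf.getvalue()
```

A hit is a reason to review the package, not proof of malice, since legitimate packages may also ship inline tasks.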