Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

Cybersecurity researchers have discovered a new set of malicious packages posted to the NuGet package manager. The malware deployment method utilized is relatively unknown. The malicious campaign, described as coordinated and ongoing by software supply chain security firm ReversingLabs, has been linked to rogue NuGet packages that deliver a remote access trojan known as SeroXen RAT. This is the first known malware instance exploiting the NuGet repository’s inline tasks feature.