Malicious Package Affecting managed.windows.core package, versions [0,]
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Mature
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DOTNET-MANAGEDWINDOWSCORE-3370727
- published 24 Mar 2023
- disclosed 24 Mar 2023
- credit JFrog
How to fix?
Avoid using all malicious instances of the Managed.Windows.Core
package.
Overview
Managed.Windows.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it.
It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage
payload, which can be remotely executed.
Indicators of compromise:
https[:]//discord[.]com/api/webhooks/1076330498026115102/MLkgrUiivlgAoFWyvkSpLsBE3DMaDZd9cxPK3k9XQPyh6dw55jktV6qfDgxbs5AaY7Py
62[.]182[.]84[.]61
194[.]233[.]93[.]50
195[.]58[.]39[.]167
https[:]//paste[.]bingner[.]com/paste/xden6/raw
Squirrel-2021\Updater[.]exe