<p>Avoid using all malicious instances of the <code>Managed.Windows.Core</code> package.</p>

Malicious Package Affecting managed.windows.core package, versions [0,]

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-DOTNET-MANAGEDWINDOWSCORE-3370727
published 24 Mar 2023
disclosed 24 Mar 2023
credit JFrog

Report a new vulnerability Found a mistake?

Introduced: 24 Mar 2023

Malicious CWE-506 Open this link in a new tab

How to fix?

Avoid using all malicious instances of the Managed.Windows.Core package.

Overview

Managed.Windows.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it.

It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed.

Indicators of compromise:

https[:]//discord[.]com/api/webhooks/1076330498026115102/MLkgrUiivlgAoFWyvkSpLsBE3DMaDZd9cxPK3k9XQPyh6dw55jktV6qfDgxbs5AaY7Py

62[.]182[.]84[.]61
194[.]233[.]93[.]50
195[.]58[.]39[.]167
https[:]//paste[.]bingner[.]com/paste/xden6/raw
Squirrel-2021\Updater[.]exe

References

JFrog Blog