Phylum has found a malicious package on the .NET Framework package manager, NuGet, that delivers the SeroXen remote access trojan (RAT). The package has been downloaded over 100,000 times and the suspect profile has published six other packages with over 2.1 million downloads, some of which are masquerading as libraries for crypto services. The malware initiates via a script, while the PowerShell script retrieves a heavily-obfuscated Windows Batch script, eventually deploying the SeroXen RAT.
![](https://healsecurity.com/wp-content/uploads/2024/07/group-ibs-threat-intelligence-and-defence-centre-equip-undergraduates-with-sophisticated.jpg)
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some