- A malicious package named StripeApi.Net was discovered on the NuGet Gallery impersonating the official Stripe.net library.
- The typosquatted package was designed to secretly exfiltrate sensitive data, including a user’s Stripe API token, while maintaining functional application code.
- The package was uploaded on February 16, 2026, and had its download count artificially inflated to over 180,000 before being removed.
- Security researchers at ReversingLabs note this marks a shift from prior attacks targeting cryptocurrency wallets via similar methods.
Cybersecurity researchers disclosed details of a new malicious package targeting the financial sector through the NuGet Gallery, according to a report published by ReversingLabs. The package, codenamed StripeApi.Net, masqueraded as the legitimate Stripe.net library in a campaign that began in mid-February 2026.
This fraudulent upload meticulously replicated the official library’s icon and documentation to avoid suspicion from developers. Consequently, it was able to collect and transfer sensitive data, including the user’s Stripe API token, to the threat actor.
“The NuGet page for the malicious package is set up to resemble the official Stripe.net package as closely as possible,” researcher Petar Kirhmajer said. “It uses the same icon as the legitimate package and contains a nearly identical readme.”
To lend credibility, the threat actor split the malicious code across 506 versions, artificially boosting the total download count. However, ReversingLabs discovered and reported the package relatively soon after its release, causing its removal.
Kirhmajer explained, “Developers who mistakenly download and integrate a typosquatted library like StripeAPI.net will still have their applications compile successfully and function as intended.” Meanwhile, the software supply chain security company noted this activity marks a shift from prior campaigns that targeted the cryptocurrency ecosystem.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Trump-linked WLFI token stakers get exclusive stablecoin profit
- Bitcoin ETF Inflows Hit $506M, Highest Since February
- Nvidia Networking Sales Soar 143%, Outpace Data Center
- Gate.io gets EU payment license in Malta
- India’s Gold ETF Inflows Soar 900%, Outpacing Equities
