14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data

ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data.

As digital currency continues to grow, so do the methods used by cybercriminals to steal it. Recently, a major cybersecurity threat was found on NuGet, a popular platform where software developers find building blocks for their apps. The discovery was made by software security firm ReversingLabs (RL) and publicly disclosed on Monday.

Sneaky Tactics to Build Trust

RL researchers found that since July 2025, a group of hackers has been uploading “poisoned” code packages designed to look like trusted tools. However, they didn’t just upload malicious code; they used psychological tricks.

For instance, they used homoglyphs, which is a method involving using letters that look identical to the naked eye but are different to a computer. A key example is the package Netherеum.All, which used a ...