Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
Nine malicious NuGet packages have been discovered, containing logic bombs set to detonate in August 2027 and November 2028, targeting database operations and industrial control systems. The packages, published by user “shanhai666” and collectively downloaded nearly 9,500 times, employ sophisticated techniques to disguise attacks as random failures, making incident response extremely difficult.