malware
nuget
SipNet
discovered 2026-07-09SIP/WebRTC package typosquatting the legitimate SIPSorcery library, published by the same NuGet account (`braintree`) behind Braintree.Net. The shipped DLL is a clean recompile identical to legitimate SIPSorcery 12.8.3-12.8.6; only the dependency MANIFEST was changed to add DependencyInjector.Core (>= some version) scoped to net8.0/net9.0/net10.0 targets, so installing SipNet 12.8.4-12.8.7 transitively delivers the unconditional host-secret harvester. No malicious code in SipNet's own assembly.
Threat types
typosquat data_exfiltration
Malicious versions
- 12.8.4
- 12.8.5
- 12.8.6
- 12.8.7