Malicious StripeApi.Net NuGet Package Exfiltrates Stripe API Tokens

First reported

26.02.2026 12:09

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A malicious NuGet package named StripeApi.Net was discovered impersonating the legitimate Stripe.net library. The package, uploaded on February 16, 2026, mimicked the official Stripe.net package to steal Stripe API tokens from developers. The package was removed before causing significant damage. This marks a shift in targeting from cryptocurrency to financial services.

Timeline

26.02.2026 12:09 1 articles · 5h ago

Malicious StripeApi.Net NuGet Package Discovered and Removed
On February 16, 2026, a malicious NuGet package named StripeApi.Net was uploaded, mimicking the legitimate Stripe.net library. The package was designed to steal Stripe API tokens while maintaining normal functionality. It was discovered and removed by ReversingLabs soon after its release, preventing significant damage.
Show sources

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09
Open in new tab

Information Snippets

The malicious package StripeApi.Net was uploaded by a user named StripePayments on February 16, 2026.
First reported: 26.02.2026 12:09

1 source, 1 article
Show sources
- Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09
The package mimicked the legitimate Stripe.net library, using the same icon and a nearly identical readme.
First reported: 26.02.2026 12:09

1 source, 1 article
Show sources
- Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09
The threat actor artificially inflated the download count to over 180,000, split across 506 versions.
First reported: 26.02.2026 12:09

1 source, 1 article
Show sources
- Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09
The package exfiltrated Stripe API tokens while maintaining functionality to avoid suspicion.
First reported: 26.02.2026 12:09

1 source, 1 article
Show sources
- Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09
The package was discovered and reported by ReversingLabs soon after its release.
First reported: 26.02.2026 12:09

1 source, 1 article
Show sources
- Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09
This attack represents a shift from previous campaigns targeting the cryptocurrency ecosystem.
First reported: 26.02.2026 12:09

1 source, 1 article
Show sources
- Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens — thehackernews.com — 26.02.2026 12:09

Summary

Timeline

Malicious StripeApi.Net NuGet Package Discovered and Removed

Information Snippets