Suspicious NuGet Package Harvesting Information From Industrial Systems

March 26, 2024 at 11:00AM

A suspicious NuGet package, “SqzrFramework480,” has been reported for potential industrial data harvesting. The .NET library offers legitimate robotic movement and GUI capabilities but can also capture information from industrial systems, take screenshots, and transfer data. The package is potentially linked to Chinese company Bozhon, raising concerns about industrial espionage. Despite uncertainties, ReversingLabs has not reported the package and its purpose remains unclear.

The NuGet package named SqzrFramework480 has raised serious security concerns because of its potential to harvest data from industrial systems. The package is designed to target developers who use technology from Bozhon Precision Industry Technology Co., Ltd., a Chinese company.

The package has been found to possess capabilities for calibrating robotic movement settings, managing and creating GUIs, initializing and configuring machine vision libraries, as well as harvesting various types of information from industrial systems, taking screenshots, sending ping packets, and opening sockets for data transfer.

Although the individual behaviors of the package might not appear significantly malicious, when combined, they raise alarm and suggest potential malicious intent, including exfiltrating data such as credentials, configuration settings, and proprietary information from infected systems. Furthermore, the package’s association with Bozhon and the lack of clarity regarding its actual purpose or the motivation behind its publication to NuGet have deepened the security concerns.

Despite these concerns, it is noted that ReversingLabs has not reported the package to NuGet, and it remains available for download, having been downloaded over 2,400 times since January. However, no other related packages linked to the potential campaign have been identified at this time.
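Because the package is still downloadable, a practical first check is whether any in-house .NET project references it, directly or transitively. The Python sketch below is an added example, not from the article or from ReversingLabs; it scans project files, `packages.config` and `packages.lock.json` for the package ID, and the sample tree built in `demo()` is constructed.

```python
import json
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

SUSPECT_ID = "sqzrframework480"  # ID from the article; NuGet IDs are case-insensitive

def _xml_ids(path, tag, attr):
    """Return `attr` values of XML elements named `tag`, ignoring namespaces."""
    return [el.get(attr, "") for el in ET.parse(path).iter()
            if el.tag.rsplit("}", 1)[-1] == tag]

def _lock_ids(path):
    """Return direct and transitive package IDs from packages.lock.json."""
    deps = json.loads(Path(path).read_text(encoding="utf-8-sig")).get("dependencies", {})
    return [pkg for framework in deps.values() for pkg in framework]

def find_references(root, suspect=SUSPECT_ID):
    """Return relative paths of files under `root` that reference `suspect`."""
    hits = []
    for path in Path(root).rglob("*"):
        name = path.name.lower()
        ids = ()
        try:
            if name.endswith(("proj", ".props", ".targets")):
                ids = _xml_ids(path, "PackageReference", "Include")
            elif name == "packages.config":
                ids = _xml_ids(path, "package", "id")
            elif name == "packages.lock.json":
                ids = _lock_ids(path)
            if any(i.lower() == suspect for i in ids):
                hits.append(path.relative_to(root).as_posix())
        except (ET.ParseError, ValueError, OSError):
            continue  # malformed or unreadable file: skip, keep scanning
    return sorted(hits)

def demo():
    """Scan a constructed sample tree (not real project files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "App.csproj").write_text('<Project><ItemGroup><PackageReference '
            'Include="SQZRFramework480" Version="0.0.0" /></ItemGroup></Project>')
        (root / "packages.config").write_text(
            '<packages><package id="Newtonsoft.Json" version="13.0.3" /></packages>')
        (root / "packages.lock.json").write_text(json.dumps({"version": 1,
            "dependencies": {"net48": {"SqzrFramework480": {"type": "Transitive"}}}}))
        return find_references(root)

if __name__ == "__main__":
    print(demo())
```

The lock-file check matters most here, since it is the only one of the three that surfaces the package when it arrives as a transitive dependency.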

In summary, the SqzrFramework480 NuGet package calls for further investigation and potential action to address its security implications.
