At a Glance
| Malware family | Braintree.Net typosquat, a multi-stage .NET implant with a companion harvester (DependencyInjector.Core) |
|---|---|
| Threat actor | Unattributed; financially motivated (suspected) |
| Target / victims | .NET developers integrating Braintree payments; about 334 real installs of malicious versions |
| Delivery vector | Typosquatted NuGet package impersonating the official Braintree SDK |
| Key capabilities | Payment card skimming, merchant API key theft, host secret harvesting |
| Source | Socket Threat Research |
TL;DR
A malicious NuGet package named Braintree.Net poses as the official Braintree payment SDK. It skims live card data, steals merchant API keys, and harvests host secrets. Socket’s scanner caught the first malicious version on July 3, 2026, and the team reported it to NuGet for removal.
Delivery
The attacker used a classic name trick. The official library ships as “Braintree” in the 5.x line. The fake ships as “Braintree.Net” at version 3.36.1. So developers who mistype or copy a slightly wrong name install the impostor instead.
The impersonation runs deeper than the name. The author field claims “Braintree,” and the bundled README is copied from official documentation. That README even tells developers to install the real package. The tags and MIT license complete the disguise.
This Braintree NuGet typosquat also faked its popularity. Socket found that of roughly 14 million reported downloads, about 11 million were padding. The attacker sprayed those across 120 throwaway 0.0.x versions in a single day. Only about 334 real installs reached the genuinely malicious releases. The report calls that “a ~32,900x gap between the headline number and the real blast radius.”
Infection Chain
The fake SDK looks convincing. It ships real Braintree.dll assemblies for several .NET targets. Its public API mirrors the genuine SDK, so payments still process and merchants see no errors. Behind that facade, three exfiltration paths fire at different moments.
Three triggers
First, a module initializer runs the instant the assembly loads. It gathers environment variables, config files, and cloud metadata. Second, the private-key setter fires when a merchant configures a production gateway. It ships the merchant credentials outward. Third, a hidden logger hooks card operations and copies card fields as they pass through.
The theft is also selective. Card and credential stealing only runs in production. The environment harvester, by contrast, runs on any .NET 8 or newer app, even in sandbox mode. That split lets the attacker target live payment data while casting a wider net for host secrets.
Command and Control and Data Theft
The implant sends stolen data to attacker-controlled infrastructure. That domain abuses the Shakepay brand name, yet it does not belong to the real company. The payment hooks post full card numbers, CVVs, and expiry dates. The credential path posts the merchant ID, public key, and private key. A single production startup is enough to leak that triple.
The companion harvester grabs even more. It reads environment variables, appsettings files, connection strings, cloud IAM credentials, and CI/CD tokens. The card and account endpoints appear in plaintext, while the harvester hides its endpoint behind XOR encoding. As a credit card skimmer, the payment path relies on production gating rather than obfuscation for stealth.
Silence is the theme throughout. “Every exfiltration path wraps its body in an empty catch block,” the report notes. Therefore network errors, TLS failures, and bad payloads all stay hidden, and the host app keeps running as if nothing happened.
Defense and Detection
Move quickly if you use this package. Remove Braintree.Net, then install the official Braintree package instead. Next, rotate every Braintree merchant credential used in any environment that referenced it. Treat production keys as compromised.
Assume card exposure as well. If production traffic ran through the fake SDK, engage your PCI incident response process. Also audit your lock files for the companion packages, since DependencyInjector.Core, SipNet, and SipNet.OpenAI.Realtime can pull in the same harvester.
Finally, watch your network edge. Block egress to the attacker’s domain, and hunt proxy logs for outbound posts that carry card or account data or a static API-key header. The campaign mirrors earlier NuGet payment-SDK fakes, so verify publisher identity before every install.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.