Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing library and its author to sneak in a cryptocurrency wallet stealer.
The malicious package, named „Tracer.Fody.NLog,“ remained on the repository for nearly six years. It was published by a user named „csnemess“ on February 26, 2020. It masquerades as „Tracer.Fody,“
https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html