Sicoob A.I CyberSecurity Scoring
Sicoob
Company Information
Website:https://www.sicoob.com.br/
Employees number:15,441
Number of followers:2,217,532
NAICS:52
Industry Type:Financial Services
Homepage:sicoob.com.br
Sicoob Risk Score (AI oriented)
Between 750 and 799
SicoobFinancial Services
Updated:
29/05/2026
29/05/2026
793/1000
Fair
Baa
Sicoob Global Score (TPRM)
xxxx
SicoobFinancial Services
Score locked

SicoobFair
Current Score
793Baa (FAIR)
01000
1 incidents
-14 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
794
JUNE 2026
793
MAY 2026
807
Cyber Attack
05 May 2026 • Sicoob
NuGet and Sicoob: Malicious NuGet Package Poses as Sicoob SDK to Steal Passwords
Sophisticated Supply Chain Attack Targets Brazilian Banking SDK via Malicious NuGet Package
793
CRITICAL-14
SOCSIC1780057768
Sophisticated Supply Chain Attack Targets Brazilian Banking SDK via Malicious NuGet Package
A supply chain attack impersonating the official C# SDK for Sicoob, one of Brazil’s largest cooperative banking networks, was uncovered by researchers at Socket. The malicious NuGet package, Sicoob.Sdk (versions 2.0.0–2.0.4), contained hidden credential exfiltration logic designed to steal sensitive banking credentials and payment data.
### Key Details of the Attack
- Timeline: The fraudulent package was published on May 5, 2026, and rapidly updated to version 2.0.4 by May 6, 2026, before being blocked following Socket’s abuse report.
- Target: Sicoob serves 9 million members across 328 cooperatives and 5,219 service points in Brazil, making it a high-value target for financially motivated threat actors.
- Deception Tactics: The package mimicked a legitimate .NET 8 SDK for Sicoob’s APIs, complete with a GitHub organization (Sicoob-Cooperativa) and clean-looking source code. However, the compiled DLL contained malicious logic absent from the public repository.
- Exfiltration Mechanism: When developers initialized SicoobClient with a client ID, PFX file path, and password a standard workflow for mutual TLS banking integrations the DLL secretly base64-encoded the PFX certificate and transmitted it, along with the plaintext password and client ID, to a hardcoded Sentry telemetry endpoint (o4511335034847232.ingest.de.sentry.io).
- Secondary Data Theft: The attack also captured raw boleto API responses, exposing transaction details, payer/payee information, due dates, and payment status.
- Trigger Condition: The exfiltration only activated when isSandbox was set to false, meaning it targeted production environments using live credentials.
### Attacker Infrastructure & Exposure
- The NuGet publisher account (sicoob) listed 12 Sicoob-branded packages, accumulating 484 total downloads.
- The fraudulent GitHub organization (Sicoob-Cooperativa), created on May 4, 2026, had no verification, public members, or affiliation with the real Sicoob, whose official GitHub links to sicoob.com.br.
- Google’s AI search briefly promoted Sicoob.Sdk as the recommended .NET integration path, increasing developer exposure.
### Broader Context
This incident follows a February 2026 discovery of four malicious NuGet packages (NCryptYo, DOMOAuth2_, IRAOAuth2.0, SimpleWriter_), which exfiltrated ASP.NET Identity data and installed persistent C2 backdoors, totaling 4,500+ downloads. These campaigns highlight NuGet’s growing appeal to attackers using impersonation, typosquatting, and source-façade techniques to bypass developer trust.
### Indicators of Compromise (IOCs)
- Malicious Package: Sicoob.Sdk (versions 2.0.0–2.0.4)
- NuGet Publisher: sicoob
- Exfiltration Host: o4511335034847232.ingest.de.sentry.io
- Fraudulent GitHub Org: github.com/Sicoob-Cooperativa
- Fraudulent Contributor: github.com/joaobcdev
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
807
MARCH 2026
807
FEBRUARY 2026
807
JANUARY 2026
807
DECEMBER 2025
807
NOVEMBER 2025
807
OCTOBER 2025
807
SEPTEMBER 2025
807
AUGUST 2025
807
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Sicoob ??
What was Sicoob's A.I Rankiteo Cyber Score in June 2026 ??
What was Sicoob's A.I Rankiteo Cyber Score in May 2026 ??
What was Sicoob's A.I Rankiteo Cyber Score in April 2026 ??
What was Sicoob's A.I Rankiteo Cyber Score in March 2026 ??
What was Sicoob's A.I Rankiteo Cyber Score in February 2026 ??
What was Sicoob's A.I Rankiteo Cyber Score in January 2026 ??
What was Sicoob's A.I Rankiteo Cyber Score in December 2025 ??
What was Sicoob's A.I Rankiteo Cyber Score in November 2025 ??
What was Sicoob's A.I Rankiteo Cyber Score in October 2025 ??
What was Sicoob's A.I Rankiteo Cyber Score in September 2025 ??
What was Sicoob's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Sicoob's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Sicoob ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Sicoob's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?