Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Sicoob

Sicoob Vendor Cyber Rating & Cyber Score

sicoob.com.br

O Sicoob é o maior sistema financeiro cooperativo do país, com mais de 9 milhões de cooperados e mais de 4,6 mil pontos de atendimento distribuídos em todo o Brasil. Somos uma cooperativa financeira que oferece aos cooperados serviços de conta corrente, crédito, investimento, cartões, previdência, consórcio, seguros, cobrança bancária, adquirência de meios eletrônicos de pagamento, entre outros. Ou seja, temos um portfólio completo para atender o nosso público. Somos reconhecidos como a terceira melhor instituição financeira do Brasil segundo o ranking “Melhores Bancos do Mundo 2024”, realizado pela Forbes em parceria com a empresa de estudos de mercado Statista. Para oferecer esse atendimento, não abrimos mão do nosso propósito de


Sicoob A.I CyberSecurity Scoring

Sicoob
Company Information
Website:https://www.sicoob.com.br/
Employees number:15,441
Number of followers:2,217,532
NAICS:52
Industry Type:Financial Services
Homepage:sicoob.com.br
Sicoob Risk Score (AI oriented)
Between 750 and 799
logo
SicoobFinancial Services
Updated:
29/05/2026
793/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Sicoob Global Score (TPRM)
xxxx
logo
SicoobFinancial Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Sicoob
SicoobFair
Current Score
793Baa (FAIR)
01000
1 incidents
-14 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
794Before Incident
JUNE 2026
793Before Incident
MAY 2026
807Before Incident
Cyber Attack
05 May 2026Sicoob
NuGet and Sicoob: Malicious NuGet Package Poses as Sicoob SDK to Steal Passwords

Sophisticated Supply Chain Attack Targets Brazilian Banking SDK via Malicious NuGet Package

793After Incident
CRITICAL-14
SOCSIC1780057768
Sophisticated Supply Chain Attack Targets Brazilian Banking SDK via Malicious NuGet Package A supply chain attack impersonating the official C# SDK for Sicoob, one of Brazil’s largest cooperative banking networks, was uncovered by researchers at Socket. The malicious NuGet package, Sicoob.Sdk (versions 2.0.0–2.0.4), contained hidden credential exfiltration logic designed to steal sensitive banking credentials and payment data. ### Key Details of the Attack - Timeline: The fraudulent package was published on May 5, 2026, and rapidly updated to version 2.0.4 by May 6, 2026, before being blocked following Socket’s abuse report. - Target: Sicoob serves 9 million members across 328 cooperatives and 5,219 service points in Brazil, making it a high-value target for financially motivated threat actors. - Deception Tactics: The package mimicked a legitimate .NET 8 SDK for Sicoob’s APIs, complete with a GitHub organization (Sicoob-Cooperativa) and clean-looking source code. However, the compiled DLL contained malicious logic absent from the public repository. - Exfiltration Mechanism: When developers initialized SicoobClient with a client ID, PFX file path, and password a standard workflow for mutual TLS banking integrations the DLL secretly base64-encoded the PFX certificate and transmitted it, along with the plaintext password and client ID, to a hardcoded Sentry telemetry endpoint (o4511335034847232.ingest.de.sentry.io). - Secondary Data Theft: The attack also captured raw boleto API responses, exposing transaction details, payer/payee information, due dates, and payment status. - Trigger Condition: The exfiltration only activated when isSandbox was set to false, meaning it targeted production environments using live credentials. ### Attacker Infrastructure & Exposure - The NuGet publisher account (sicoob) listed 12 Sicoob-branded packages, accumulating 484 total downloads. - The fraudulent GitHub organization (Sicoob-Cooperativa), created on May 4, 2026, had no verification, public members, or affiliation with the real Sicoob, whose official GitHub links to sicoob.com.br. - Google’s AI search briefly promoted Sicoob.Sdk as the recommended .NET integration path, increasing developer exposure. ### Broader Context This incident follows a February 2026 discovery of four malicious NuGet packages (NCryptYo, DOMOAuth2_, IRAOAuth2.0, SimpleWriter_), which exfiltrated ASP.NET Identity data and installed persistent C2 backdoors, totaling 4,500+ downloads. These campaigns highlight NuGet’s growing appeal to attackers using impersonation, typosquatting, and source-façade techniques to bypass developer trust. ### Indicators of Compromise (IOCs) - Malicious Package: Sicoob.Sdk (versions 2.0.0–2.0.4) - NuGet Publisher: sicoob - Exfiltration Host: o4511335034847232.ingest.de.sentry.io - Fraudulent GitHub Org: github.com/Sicoob-Cooperativa - Fraudulent Contributor: github.com/joaobcdev
INCIDENT DETAILS -
TYPE
Supply Chain Attack
MOTIVATION
Financial gain
IMPACT
Data Compromised: Banking credentials, payment data, PFX certificates, plaintext passwords, client IDs, boleto API responses (transaction details, payer/payee information, due dates, payment status)Systems Affected: Production environments using Sicoob.Sdk (versions 2.0.0–2.0.4)Operational Impact: Potential unauthorized access to banking systems, data exfiltrationBrand Reputation Impact: High (impersonation of a major banking network)Identity Theft Risk: High (exposure of personally identifiable banking credentials)Payment Information Risk: High (exposure of boleto API responses and payment data)
DATA BREACH
Type Of Data Compromised: Banking credentials, PFX certificates, plaintext passwords, client IDs, boleto API responsesSensitivity Of Data: High (financial and personally identifiable information)Data Exfiltration: Yes (to Sentry telemetry endpoint)Data Encryption: Base64-encoded PFX certificates before exfiltrationFile Types Exposed: PFX certificates, API responses (JSON/XML)Personally Identifiable Information: Yes (banking credentials, payer/payee information)
APRIL 2026
807Before Incident
MARCH 2026
807Before Incident
FEBRUARY 2026
807Before Incident
JANUARY 2026
807Before Incident
DECEMBER 2025
807Before Incident
NOVEMBER 2025
807Before Incident
OCTOBER 2025
807Before Incident
SEPTEMBER 2025
807Before Incident
AUGUST 2025
807Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Sicoob ?
?
What was Sicoob's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Sicoob's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Sicoob's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Sicoob ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Sicoob's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?