ThreatCluster

Malicious NuGet Packages Deploy Windows Surveillance Malware to Gamers

First seen 15 Jul 2026, 15:27 UTC CybersecuritynewsGbhackers 74% similarity 66

Article Content

Browse articles
ThreatCluster

Eleven malicious NuGet packages disguised as game cheats and automation tools have been identified, deploying a Windows payload known as pepesoft.exe. These packages target gaming communities, particularly for titles like Albion Online and GTA5RP. Once installed, they provide attackers with remote access to victims' PCs, allowing for live screenshot capture and other surveillance activities. The attack method exploits the .NET command-line tool installation process, making it easy for users to inadvertently execute the malicious code. The scope of the impact includes multiple gaming communities, with significant risks to user privacy and system security. Currently, there are no specific CVEs associated with these packages, but the threat is active and ongoing. Users are advised to avoid downloading unofficial game-related packages.

Key Points: • Eleven malicious NuGet packages masquerading as game cheats have been discovered. • The packages deploy pepesoft.exe, enabling remote access and surveillance of infected PCs. • Targeted gaming communities include Albion Online and GTA5RP, posing risks to user privacy.

ThreatCluster AI

Timeline

2026-07-15
Malicious NuGet packages identified
Researchers uncovered 11 malicious packages that deploy Windows surveillance malware targeting gamers.
Gbhackers
2026-07-15
Remote access capabilities confirmed
The malicious packages allow attackers to capture live screenshots and control victims' machines remotely.
Cybersecuritynews

Community

Browse all →