Key Findings A set of nine malicious NuGet packages capable of dropping time-delayed payloads has been identified. The packages were published in 2023 and 2024 by a user named "shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and November 2028. The packages were collectively downloaded 9,488 times. The most dangerous package, "Sharp7Extend," targets industrial PLCs with dual sabotage mechanisms: immediate random process terminatio
