Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload https://socket.dev/blog/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload
06/05/2025 11:23:41
QRCode
archive.org
thumbnail

Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.

The Go ecosystem, valued for its simplicity, transparency, and flexibility, has exploded in popularity. With over 2 million modules available, developers rely heavily on public repositories like GitHub. However, this openness is precisely what attackers exploit.

No Central Gatekeeping: Developers freely source modules directly from GitHub repositories, trusting the naming conventions implicitly.
Prime Target for Typosquatting: Minimal namespace validation enables attackers to masquerade malicious modules as popular libraries.
Introduction: The Silent Threat#
In April 2025, we detected an attack involving three malicious Go modules which employ similar obfuscation techniques:

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy
Despite appearing legitimate, these modules contained highly obfuscated code designed to fetch and execute remote payloads. Socket’s scanners flagged the suspicious behaviors, leading us to a deeper investigation.

socket.dev EN 2025 Wipeout github Payload GO research Developers supply-chain-attack
4252 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio