CyberSecurity news
info@thehackernews.com (The Hacker News)
Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem, revealing three malicious Go modules designed to wipe Linux systems. These modules, named github.com/truthfulpharm/prototransform, github.com/blankloggia/go-mcp, and github.com/steelpoor/tlsproxy, contain obfuscated code that fetches next-stage payloads capable of irrevocably overwriting a Linux system's primary disk, rendering it unbootable. The attack, discovered in April 2025, highlights the dangers of direct dependency imports from public repositories and the effectiveness of code obfuscation in evading detection.
The malicious modules are designed to specifically target Linux environments. Upon execution, they retrieve a destructive shell script from a remote server using wget. This script, known as "done.sh," employs the Unix utility 'dd' to overwrite the entire primary disk ("/dev/sda") with zeroes. This process effectively eliminates the file system, operating system, and all user data, leaving affected systems crippled and data unrecoverable. According to Socket researcher Kush Pandya, this destructive method ensures no data recovery tool or forensic process can restore the data, emphasizing the extreme danger posed by modern supply-chain attacks.
This incident underscores the escalating risks present in open-source supply chains and the potential for seemingly trusted code to become devastating threats. The impact of such an attack includes complete data loss, prolonged operational downtime, and severe financial and reputational damage for affected organizations. Security experts recommend thorough dependency audits, the implementation of automated code scanning tools, and continuous monitoring solutions to detect obfuscated or suspicious behaviors in third-party packages as crucial mitigation steps.
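A module that shells out to wget has to spawn a process, so one triage pass for the automated scanning recommended above is to look for process-execution calls in dependency source whose arguments are built at runtime. The Go program below is an added example, not code from Socket or the original report. It assumes the dependency imports `os/exec` under its default name, and the `sample` fragment and the `DynamicExecCalls` name are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// sample is a constructed dependency fragment; it is only parsed here,
// never compiled or run (decode and blob are deliberately left undefined).
const sample = `package dep
import "os/exec"
func init() {
	exec.Command("/bin/sh", "-c", decode(blob)).Run()
	exec.Command("git", "version").Run()
}`

// DynamicExecCalls returns the line numbers of exec.Command calls in src
// that have at least one argument which is not a plain literal, i.e. a
// command line the reviewer cannot read directly from the source.
// Assumption: os/exec is imported under its default name "exec".
func DynamicExecCalls(src string) ([]int, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "dep.go", src, 0)
	if err != nil {
		return nil, err
	}
	var lines []int
	ast.Inspect(file, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || types.ExprString(call.Fun) != "exec.Command" {
			return true // not an exec.Command call; keep walking
		}
		for _, arg := range call.Args {
			if _, lit := arg.(*ast.BasicLit); !lit {
				lines = append(lines, fset.Position(call.Pos()).Line)
				break
			}
		}
		return true
	})
	return lines, nil
}

func main() {
	fmt.Println(DynamicExecCalls(sample))
}
```

The check is a heuristic: it also flags legitimate calls that pass variables or constants, so treat hits in third-party modules as items for manual review rather than verdicts.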
Classification:
- HashTags: #supplychainattack #golang #malware
- Target: Linux Systems
- Attacker: MintsLoader Authors
- Product: Go modules
- Feature: Supply Chain
- Malware: MintsLoader
- Type: Malware
- Severity: Disaster