CyberSecurity news
Jeff Burt@DevOps.com
A malicious package imitating the popular BoltDB module has been discovered in the Go ecosystem. The package is a typosquat of BoltDB and carries a backdoor that gives an attacker remote code execution on systems that build and run code importing it, a significant risk for any developer who pulled the look-alike module instead of the real one. It was discovered by researchers at Socket, an application security company.
The attack abuses the Go Module Mirror's caching behaviour to persist undetected despite manual code review. The Go Module Mirror (the default module proxy) fetches a given module version once, on first request, and then serves that cached copy indefinitely. Once the backdoored version had been cached, the attacker rewrote the git tag on GitHub so that it pointed at a clean commit: anyone reviewing the repository at that tag saw no malicious code, while `go get` kept receiving the backdoored copy from the mirror. Because go.sum and the checksum database record the hash of whatever the mirror first served, the toolchain's own integrity checks pass on the cached copy. To mitigate such software supply-chain threats, Socket advises developers to verify package integrity before installation, analyze dependencies for anomalies, and use security tools that inspect the code actually installed rather than the upstream repository.
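One concrete form of the "verify package integrity" advice above is to hash what the proxy actually served and compare it with both the pinned go.sum entry and a fresh checkout of the upstream tag. The Go example below is added here and is not code from the page, from Socket or from the Go project; the module path `example.com/vendor/kv`, the version and all file contents are constructed placeholders. `Hash1` reimplements the `h1:` directory hash that go.sum and the checksum database use (the same algorithm as `golang.org/x/mod/sumdb/dirhash.Hash1`), using only the standard library so it runs offline.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
)

// ModuleFiles maps paths inside a module zip ("module@version/relative/path")
// to file contents. The file sets below are constructed in memory; a real check
// would read the zip the proxy served from
// $GOMODCACHE/cache/download/<module>/@v/<version>.zip and a fresh
// `git archive` of the upstream tag.
type ModuleFiles map[string][]byte

// Hash1 reimplements the "h1:" dirhash recorded in go.sum and sum.golang.org:
// sort the paths, build a summary of "<sha256 hex of contents>  <path>\n"
// lines, sha256 the summary and base64-encode the digest.
func Hash1(files ModuleFiles) string {
	paths := make([]string, 0, len(files))
	for p := range files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	summary := sha256.New()
	for _, p := range paths {
		content := sha256.Sum256(files[p])
		fmt.Fprintf(summary, "%x  %s\n", content, p)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(summary.Sum(nil))
}

// Verdict is the outcome of comparing the proxy's cached copy against the
// pinned go.sum entry and the upstream tag.
type Verdict string

const (
	VerdictOK           Verdict = "proxy copy matches go.sum and upstream tag"
	VerdictSumMismatch  Verdict = "proxy copy does not match the pinned go.sum entry"
	VerdictTagRewritten Verdict = "proxy copy matches go.sum but upstream tag differs: tag moved after caching"
)

// CheckCachedModule adds the comparison the toolchain does not make. `go build`
// only checks the proxy's zip against go.sum (and sum.golang.org), and both
// recorded the first copy the mirror ever saw, so a tag rewritten after caching
// passes silently. Hashing the upstream tag as well exposes the rewrite.
func CheckCachedModule(pinnedSum string, proxyZip, upstreamTag ModuleFiles) Verdict {
	proxyHash := Hash1(proxyZip)
	if proxyHash != pinnedSum {
		return VerdictSumMismatch
	}
	if proxyHash != Hash1(upstreamTag) {
		return VerdictTagRewritten
	}
	return VerdictOK
}

// Constructed sample: the copy the mirror cached carries an extra init
// function; the tag on GitHub was later rewritten to the clean tree.
// "example.com/vendor/kv" is a placeholder module path, not the real one.
const prefix = "example.com/vendor/kv@v1.3.1/"

var cleanTag = ModuleFiles{
	prefix + "go.mod": []byte("module example.com/vendor/kv\n\ngo 1.21\n"),
	prefix + "kv.go":  []byte("package kv\n\nfunc Open(path string) error { return nil }\n"),
}

var mirrorCopy = ModuleFiles{
	prefix + "go.mod": cleanTag[prefix+"go.mod"],
	prefix + "kv.go":  []byte("package kv\n\nfunc init() { /* extra code present only in the cached copy (constructed) */ }\n\nfunc Open(path string) error { return nil }\n"),
}

func main() {
	// go.sum was written from whatever the proxy served on the first `go get`,
	// so it pins the cached (backdoored) copy and the toolchain is satisfied.
	pinned := Hash1(mirrorCopy)
	fmt.Println("go.sum  ", pinned)
	fmt.Println("proxy   ", Hash1(mirrorCopy))
	fmt.Println("upstream", Hash1(cleanTag))
	fmt.Println("verdict:", CheckCachedModule(pinned, mirrorCopy, cleanTag))
}
```

In practice the proxy side of the comparison comes from `go mod download -json <module>@<version>`, whose `Zip` and `Sum` fields give the cached archive and its `h1:` hash, and the upstream side from hashing a checkout of the tag with the same `module@version/` path prefix. A `VerdictTagRewritten` result is the signature of the technique described above: the build is reproducible and passes every checksum, yet the code on GitHub is not the code being compiled.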
References:
- Socket (blog): Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence. https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence (also shared via bsky.app, fosstodon.org and Lobsters; described there as the first documented attack to make it into the Go Module Mirror despite manual code reviews)
- The Hacker News: Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (reposted by ciso2ciso.com): cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
- DevOps.com: Typosquat Supply Chain Attack Targets Go Developers
- securityonline.info: Socket researchers have discovered a malicious typosquatting package in the Go ecosystem that exploits the Go Module Proxy's
- InfoWorld (www.infoworld.com): Malicious package found in the Go ecosystem (reposted by ciso2ciso.com): the malicious package, a typosquat of the popular BoltDB module, is said to be among the first known exploits of the Go Module Mirror's indefinite module caching.
- heise online (www.heise.de, also in English): Typosquatting in the Go ecosystem: Fake BoltDB package discovered. A malicious package in the Go ecosystem imitates BoltDB and contains a backdoor; attackers used the caching service to spread the malware unnoticed.