Finally, A Non-Python Supply Chain Attack – ThreatWire #hacking #cybersecurity #coding #golang

Summary: The video discusses a newly discovered supply chain attack targeting the Go programming language, carried out through a typo-squatting attack on the popular BoltDB package. Researchers from the team at Socket revealed that the attack allowed remote code execution and that it exploited the Go module proxy service, showcasing weaknesses inherent in that system's design.

Key points:

  • A supply chain attack involving the Go programming language and the BoltDB package was identified.
  • The attack was carried out through a malicious module that gave the attacker control via a command-and-control (C2) server.
  • The attacker modified the Git tags in the source repository to point to a non-malicious version of the code, so the repository appeared clean on inspection.
  • The design of the Go module proxy service prioritizes caching, which enabled persistent distribution of the malicious code.
  • The Go module proxy's immutability feature prevents a published module version from being changed in place, which protects against quiet updates of compromised libraries.
  • The malicious component has been removed from the Go module proxy and GitHub, and has been added to the Go vulnerability database.
  • YouTube Video: https://www.youtube.com/watch?v=VJThsg8fjno
    YouTube Channel: Hak5
    Video Published: Tue, 25 Feb 2025 17:00:38 +0000
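One defensive check suggested by the typo-squatting angle above is to scan a project's go.mod for module paths that closely resemble, but are not, the paths the project is known to depend on. The following is an added example, not code from the video or from Socket; the allowlist uses the real BoltDB module paths (github.com/boltdb/bolt and its maintained fork go.etcd.io/bbolt), while the go.mod content and the lookalike path github.com/boltdbx/bolt are constructed for illustration.

```python
import difflib
import re

# Allowlist of module paths the project is known to use. Assumption: a real
# project would generate this from a reviewed go.mod rather than hard-code it.
KNOWN_MODULES = {
    "go.etcd.io/bbolt",
    "github.com/boltdb/bolt",
    "golang.org/x/sys",
}

# Matches "<path> v<version>" lines, inside a require block or after "require ".
REQUIRE_RE = re.compile(r"^\s*(?:require\s+)?(\S+)\s+v[\w.+-]+(?:\s+//.*)?\s*$")

# Constructed go.mod; "github.com/boltdbx/bolt" is a made-up lookalike path.
SAMPLE_GO_MOD = """module example.com/app

go 1.22

require (
\tgithub.com/boltdbx/bolt v1.3.1
\tgolang.org/x/sys v0.20.0 // indirect
)

require github.com/sirupsen/logrus v1.9.3
"""


def parse_go_mod_requires(text: str) -> list[str]:
    """Return module paths from single-line and block require directives."""
    paths, in_block = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("require ("):
            in_block = True
        elif in_block and stripped == ")":
            in_block = False
        elif in_block or stripped.startswith("require "):
            match = REQUIRE_RE.match(line)
            if match:
                paths.append(match.group(1))
    return paths


def suspicious_modules(paths, known=KNOWN_MODULES, threshold=0.85):
    """Flag paths not in the allowlist whose best allowlist match is very close."""
    findings = []
    for path in paths:
        if path in known:
            continue
        best = max(known, key=lambda good: difflib.SequenceMatcher(None, path, good).ratio())
        ratio = difflib.SequenceMatcher(None, path, best).ratio()
        if ratio >= threshold:
            findings.append((path, best, round(ratio, 3)))
    return findings


def check_go_mod(text: str = SAMPLE_GO_MOD):
    """Parse go.mod text and return the lookalike findings for review."""
    return suspicious_modules(parse_go_mod_requires(text))
```

The threshold is deliberately high so that unrelated modules (such as the logrus entry in the sample) are not flagged; findings are a review prompt, not proof of compromise.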