Summary: Cybersecurity researchers have identified a software supply chain attack involving a malicious Go package that provides remote access to infected systems. The typosquatting technique misled users into downloading the compromised package while the legitimate source appeared unaffected. This incident underscores a weakness in the Go Module Mirror's caching system, which may be exploited to distribute malicious code even after the original source is modified.
Affected: Go ecosystem, developers using Go packages
Key points:
- Malicious package named github.com/boltdb-go/bolt is a typosquat of the legitimate BoltDB module.
- Once installed, it grants remote access to attackers, allowing arbitrary command execution.
- The Go Module Mirror's indefinite caching allows malicious modules to persist even if the original repository is modified.
- Security teams should monitor for attacks that exploit cached module versions.
Source: https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html
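One defensive check suggested by the key points above: scan a project's go.mod for required module paths that are lookalikes of trusted dependencies, such as `github.com/boltdb-go/bolt` standing in for the real `github.com/boltdb/bolt`. This is an added example written for this summary, not code from the report or the Go project; the allowlist and the sample go.mod are constructed, and the normalization rule (stripping "go" affixes from path segments) is one heuristic, not an exhaustive typosquat detector.

```go
package main

import "strings"

// Allowlist of module paths the project intends to depend on (constructed for this example).
var knownGood = []string{"github.com/boltdb/bolt", "golang.org/x/crypto"}

// SampleGoMod is a constructed go.mod that pulls in the typosquatted path named in the report.
const SampleGoMod = `module example.com/app
require (
	github.com/boltdb-go/bolt v1.0.0 // constructed version
	golang.org/x/crypto v0.0.0 // constructed version
)
`

// requiredModules extracts module paths from the entries of a block "require ( ... )" directive.
func requiredModules(gomod string) []string {
	var mods []string
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		// A require entry is "<path> <version>": the path contains a "/", the version starts with "v".
		if len(f) >= 2 && strings.Contains(f[0], "/") && strings.HasPrefix(f[1], "v") {
			mods = append(mods, f[0])
		}
	}
	return mods
}

// normalize lowercases a path and strips "go" decorations from segment boundaries,
// so the squatted owner "boltdb-go" compares equal to the real owner "boltdb".
func normalize(path string) string {
	r := strings.NewReplacer("-go/", "/", "_go/", "/", "/go-", "/", "/go_", "/")
	return strings.TrimSuffix(r.Replace(strings.ToLower(path)+"/"), "/")
}

// SuspectTyposquats maps each required module whose normalized form collides with an
// allowlisted module, while its real path differs, to the allowlisted path it imitates.
func SuspectTyposquats(gomod string) map[string]string {
	hits := map[string]string{}
	for _, m := range requiredModules(gomod) {
		for _, g := range knownGood {
			if m != g && normalize(m) == normalize(g) {
				hits[m] = g // lookalike of a trusted dependency: review before building
			}
		}
	}
	return hits
}
```

Because the mirror may keep serving a cached module after the upstream repository changes, run this against go.mod in CI rather than relying on the state of the source repository.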