Summary: Cybersecurity researchers have identified a software supply chain attack involving a malicious Go package that provides remote access to infected systems. The typosquatting technique misled users into downloading the compromised version of the package while the legitimate source appeared unaffected. This incident underscores vulnerabilities within the Go Module Mirror’s caching system, which may be exploited to distribute malicious code even after the original source is modified.
Affected: Go ecosystem, developers using Go packages
Keypoints:
- Malicious package named github.com/boltdb-go/bolt is a typosquat of the legitimate BoltDB module.
- Once installed, it grants remote access to attackers, allowing arbitrary command execution.
- The Go Module Mirror’s indefinite caching allows malicious modules to persist even if the original repository is modified.
- Security teams should monitor for attacks that exploit cached module versions.
Source: https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html
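As an added example (not code from the article or from any project it names), a small Go check that flags go.mod dependencies whose module path sits a few edits away from a trusted path, which is the pattern that let boltdb-go/bolt pass for boltdb/bolt. The trusted allowlist and the threshold are assumptions chosen for the example; the go.mod text you feed it is whatever your repository contains.

```go
package main
import "strings"

// Constructed allowlist of module paths this project is expected to import.
var trusted = []string{"github.com/boltdb/bolt", "go.etcd.io/bbolt"}

func min2(a, b int) int {
	if a < b {
		return a
	}
	return b
}

// levenshtein returns the edit distance between a and b; typosquats sit a few edits from the real path.
func levenshtein(a, b string) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			sub := prev[j-1] // match or substitution of a[i-1]
			if a[i-1] != b[j-1] {
				sub++
			}
			cur[j] = min2(min2(prev[j]+1, cur[j-1]+1), sub) // delete, insert, or substitute
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// SuspectModules scans go.mod text (both "require X vN" lines and entries inside a
// "require ( ... )" block) and maps each module path that is within 1..maxDist edits
// of a trusted path, but not equal to it, onto the trusted path it resembles.
func SuspectModules(gomod string, maxDist int) map[string]string {
	out := map[string]string{}
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || !strings.Contains(f[0], "/") {
			continue // not a "<module path> <version>" entry
		}
		for _, t := range trusted {
			if d := levenshtein(f[0], t); d > 0 && d <= maxDist {
				out[f[0]] = t
			}
		}
	}
	return out
}
```

Near-matches are review candidates, not verdicts: a legitimate major-version path such as a trusted module's `/v2` also lands within a few edits, so confirm each hit against the module's actual source before acting.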