info@thehackernews.com (The Hacker News)
2025-02-04 09:16:00
thehackernews.com
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to GitHub in November 2021, following which it was cached indefinitely by the Go Module Mirror service.
“Once installed, the backdoored package grants the threat actor remote access to the infected system, allowing them to execute arbitrary commands,” security researcher Kirill Boychenko said in an analysis.
Socket said the development marks one of the earliest instances of a malicious actor abusing the Go Module Mirror’s indefinite caching of modules to trick users into downloading the package. Subsequently, the attacker is said to have modified the Git tags in the source repository in order to redirect them to the benign version.
This deceptive approach ensured that a manual audit of the GitHub repository did not reveal any malicious content, while the caching mechanism meant that unsuspecting developers installing the package using the go CLI continued to download the backdoored variant.
“Once a module version is cached, it remains accessible through the Go Module Proxy, even if the original source is later modified,” Boychenko said. “While this design benefits legitimate use cases, the threat actor exploited it to persistently distribute malicious code despite subsequent changes to the repository.”
“With immutable modules offering both security benefits and potential abuse vectors, developers and security teams should monitor for attacks that leverage cached module versions to evade detection.”
The development comes as Cycode detailed three malicious npm packages – serve-static-corell, openssl-node, and next-refresh-token – that harbored obfuscated code to collect system metadata and run arbitrary commands issued by a remote server (“8.152.163[.]60”) on the infected host.
Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.
Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.
Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!
Help Power Techcratic’s Future – Scan To Support
If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.
As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!
BITCOIN bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge Scan the QR code with your crypto wallet app |
DOGECOIN D64GwvvYQxFXYyan3oQCrmWfidf6T3JpBA Scan the QR code with your crypto wallet app |
ETHEREUM 0xe9BC980DF3d985730dA827996B43E4A62CCBAA7a Scan the QR code with your crypto wallet app |
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.