Cybersecurity researchers are warning of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules designed to deploy malware on Linux and Apple macOS systems.
“The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert), which appears –” noted in a new report.
“These packages share repeated malicious filenames and consistent obfuscation techniques, suggesting a coordinated threat actor that can pivot quickly.”
While all of them continue to be available in the official package repository, their corresponding GitHub repositories, barring “github[.]com/ornatedctrin/layout”, are no longer accessible. The list of offending packages is below:
- shallowmulti/hypert (github.com/shallowmulti/hypert)
- shadowybulk/hypert (github.com/shadowybulk/hypert)
- belatedplanet/hypert (github.com/belatedplanet/hypert)
- thankfulmai/hypert (github.com/thankfulmai/hypert)
- vainreboot/layout (github.com/vainreboot/layout)
- ornatedctrin/layout (github.com/ornatedctrin/layout)
- utilizedsun/layout (github.com/utilizedsun/layout)
The counterfeit packages, Socket's analysis found, contain code to achieve remote code execution. This is done by running an obfuscated shell command to fetch and run a script hosted on a remote server (“alturastreet[.]icu”). In a likely effort to evade detection, the remote script is not fetched until an hour has passed.
The ultimate goal of the attack is to install and run an executable file that can potentially steal data or credentials.
The disclosure came a month after Socket disclosed another software supply chain attack targeting the Go ecosystem, in which a malicious package was capable of giving the adversary remote access to infected systems.
“The repeated use of identical filenames, array-based string obfuscation, and delayed execution tactics strongly indicates a coordinated adversary who plans to persist and adapt,” Boychenko said.
“The discovery of multiple malicious hypert and layout packages, as well as numerous fallback domains, indicates infrastructure designed for longevity, allowing the threat actor to pivot every time a domain or repository is blacklisted.”
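As an added example (not code from the article or from Socket's report), the following Go check scans go.mod or go.sum text for the seven module paths listed above. The function name `ScanModFile` and the sample go.mod, including its example.com paths and version numbers, are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module paths from the list in the article above.
var flagged = []string{
	"github.com/shallowmulti/hypert", "github.com/shadowybulk/hypert",
	"github.com/belatedplanet/hypert", "github.com/thankfulmai/hypert",
	"github.com/vainreboot/layout", "github.com/ornatedctrin/layout",
	"github.com/utilizedsun/layout",
}

// ScanModFile maps each flagged module named in go.mod or go.sum text to the
// 1-based lines naming it: require lines (single or block form), either side
// of a replace directive, and go.sum entries. Subpackages and /vN suffixes match.
func ScanModFile(text string) map[string][]int {
	hits := map[string][]int{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop comments such as "// indirect"
		for _, tok := range strings.Fields(line) {
			for _, m := range flagged {
				if tok == m || strings.HasPrefix(tok, m+"/") {
					hits[m] = append(hits[m], n)
				}
			}
		}
	}
	return hits
}

// sample is a constructed go.mod; the example.com paths and all versions are made up.
const sample = `module example.com/app
require (
	example.com/lib v1.4.0
	github.com/thankfulmai/hypert v0.0.1 // indirect
)
replace example.com/layout => github.com/vainreboot/layout/v2 v2.0.0
// github.com/utilizedsun/layout was dropped
`

func main() { fmt.Println(ScanModFile(sample)) }
```

A non-empty result in CI is a reason to fail the build and review the dependency; a path that appears only inside a comment is ignored.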