Typosquatted Go Packages Distribute Malware Loader Targeting Linux and macOS
informationsecuritybuzz.com
Researchers from Socket have identified an ongoing campaign involving at least seven typosquatted Go packages. These packages impersonate well-known Go libraries and are designed to deploy loader malware on Linux and macOS systems.
Typosquatted packages are malicious software components designed to mimic the names of popular, legitimate packages. In the context of Go programming, these packages are created with names that are very similar to widely used Go libraries. The goal is to deceive developers into installing these malicious packages instead of the genuine ones.
According to Socket: “In February 2025, the threat actor released four malicious packages on the Go Module Mirror that impersonate the legitimate github.com/areknoster/hypert library, a popular tool for testing HTTP API clients. These typosquatted clones – github.com/shallowmulti/hypert, github.com/shadowybulk/hypert, github.com/belatedplanet/hypert, and github.com/thankfulmai/hypert – embed concealed functions to enable remote code execution.”
Evading Detection ...
Copyright of this story solely belongs to informationsecuritybuzz.com . To see the full text click HERE