Go modules
-
Malicious Go module masquerades as SSH brute-forcer, exfiltrates credentials via Telegram bot, researchers say
Security researchers have identified a malicious Go module masquerading as an SSH brute-force tool that quietly exfiltrates credentials to a threat actor via Telegram. The module, golang-random-ip-ssh-bruteforce, targets random SSH services, disables host key verification, and relays harvested data to a Telegram bot, highlighting ongoing software supply chain and credential theft risks.
-
Cybersecurity Alert: Malicious Go Modules Found Overwriting Linux Disks
Cybersecurity researchers have identified three malicious Go modules that can overwrite Linux systems’ primary disks, rendering them unbootable. These modules pose a significant threat, especially amid increasing supply chain attacks targeting software packages.