"Linux" Being Blamed for Typosquatting
-
CSO ☛ Linux, macOS users infected with malware posing as legitimate Go packages
Threat actors are typosquatting popular Go packages such as Hypert and Layout to drop malware on Linux and macOS systems.
-
Techstrong Group ☛ Bad Actor Targets Linux, macOS Developers with Typosquatted Go Packages
In early February, threat researchers with developer-focused security platform provider Socket detailed a three-year-old typosquatting campaign in which bad actors targeted developers with a backdoor that impersonated a widely used database module written in the Go programming language.
-
Malware Infects Linux and macOS via Typosquatted Go Packages
Socket exposes a typosquatting campaign delivering malware to Linux and macOS systems via malicious Go packages. Discover the tactics used, including obfuscation and domain typosquatting, and learn how to stay safe.
-
Information Security Buzz ☛ Typosquatted Go Packages Distribute Malware Loader Targeting Linux and macOS
Researchers from Socket have identified an ongoing campaign involving at least seven typosquatted Go packages. These packages impersonate well-known Go libraries and are designed to deploy loader malware on Linux and macOS systems.
-
Typosquatting campaign targets financial sector Linux, macOS systems
An ongoing campaign has infiltrated the Go ecosystem with at least seven typosquatted packages that install hidden loader malware that primarily target Linux and macOS systems in the financial sector.
These packages share repeated malicious filenames and consistent obfuscation techniques, which suggest a coordinated threat actor capable of pivoting rapidly, according to a March 4 blog by Socket researchers.
Update: Later one.
-
Typosquatted packages delivering malware to Linux and macOS systems
Socket researchers have identified an active, malicious campaign penetrating the Go ecosystem with typosquatted packages. These packages deliver hidden loader malware that targets Linux and macOS systems.
The malicious actor behind this campaign has released a minimum of seven packages impersonating popular Go libraries, including one that targets developers in the financial sector. The packages have repeated malicious filenames and share obfuscation tactics, indicating the threat actor behind them is coordinated and capable of pivoting.