A malicious typosquat package has been found in the Go language ecosystem. The package, which contains a backdoor to enable remote code execution, was discovered by researchers at the application security company Socket.

A February 3 Socket blog post states that the package impersonates the widely used Bolt database module. The BoltDB package is widely adopted in the Go ecosystem, with 8,367 packages dependent on it, according to the blog. After the malware was cached by the Go Module Mirror, the git tag was strategically altered on GitHub to remove traces of the malware and hide it from manual review. Developers who manually audited github.com/boltdb-go/bolt on GitHub did not find traces of malicious code, but downloading the package via the Go Module Proxy retrieved the original backdoored version. This deception went undetected for more than three years, allowing the malicious package to persist in the public repository.
First seen on infoworld.com
Jump to article: www.infoworld.com/article/3817921/malicious-package-found-in-the-go-ecosystem.html