Campaign is tailor-made for persistence: The repeated use of identical filenames, array-based string obfuscation, and delayed execution tactics strongly suggests a coordinated adversary who plans to persist and adapt, the researchers added. The presence of multiple malicious Hypert and Layout packages along with several fallback domains also suggests a resilient infrastructure. This setup will allow threat actors to adapt quickly, ensuring continued operations even if a domain or repository is blacklisted or taken down. “Given the threat actor’s demonstrated ability to upload malicious packages, there is a strong reason to suspect that similar tactics, techniques, and procedures (TTPs) will continue infiltrating the Go ecosystem,” the researchers noted. A few things developers can do to outsmart the campaign include adopting real-time scanning tools, code audits, and careful dependency management against typosquatting attempts.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3841336/linux-macos-users-infected-with-malware-posing-as-legitimate-go-packages.html