Linux disk-wiping malware spread via Go modules

Security Affairs reports that three malicious Go modules have been leveraged to facilitate the deployment of disk-wiping payloads on Linux systems as part of a new supply chain attack campaign.
Threat actors used obfuscation to disguise the modules, github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy, and lure developers into downloading them, an analysis from Socket's Threat Research Team revealed. After verifying that the targeted system was running Linux, the modules executed destructive wiper shell scripts, including done.sh, causing permanent data loss and leaving the system unable to boot. The risk of significant data loss and other damage from such modules should prompt more robust and secure software development practices, according to researchers. "Proactive code audits, automated dependency analysis, and continuous runtime monitoring must become integral to the software development lifecycle, particularly for projects heavily reliant on external open source dependencies," researchers added.
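As an added example of the automated dependency analysis the researchers recommend (this is not code from the article or from Socket), the following Go scanner refangs the module paths named above and flags any occurrence in go.mod or go.sum text; the sample go.sum and its version numbers are constructed placeholders, not values from the report.

```go
package main

import (
	"fmt"
	"strings"
)

// Module paths named in the Socket report, kept in the article's defanged form.
var ReportedModules = []string{
	"github[.]com/truthfulpharm/prototransform",
	"github[.]com/blankloggia/go-mcp",
	"github[.]com/steelpoor/tlsproxy",
}

// Hit records one denylisted module found in a dependency file.
type Hit struct{ File, Module, Version string; Line int }

// ScanModFile scans go.mod or go.sum text for denylisted module paths. Scanning
// go.sum matters because it also lists transitive modules that go.mod never names.
func ScanModFile(file, content string, denylist []string) []Hit {
	deny := map[string]bool{}
	for _, m := range denylist {
		deny[strings.ReplaceAll(m, "[.]", ".")] = true // refang "github[.]com/x"
	}
	var hits []Hit
	for i, raw := range strings.Split(content, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" { // single-line "require path version"
			f = f[1:]
		}
		if len(f) >= 2 && deny[f[0]] { // "path version" or "path version hash"
			v := strings.TrimSuffix(f[1], "/go.mod") // go.sum's second line per module
			hits = append(hits, Hit{File: file, Module: f[0], Version: v, Line: i + 1})
		}
	}
	return hits
}

// Constructed go.sum sample; the versions and hashes are placeholders, not from the report.
const SampleGoSum = "github.com/blankloggia/go-mcp v0.1.0 h1:PLACEHOLDER=\n" +
	"golang.org/x/crypto v0.21.0 h1:PLACEHOLDER=\n" +
	"github.com/steelpoor/tlsproxy v1.2.3/go.mod h1:PLACEHOLDER=\n"

func main() {
	for _, h := range ScanModFile("go.sum", SampleGoSum, ReportedModules) {
		fmt.Printf("%s:%d denylisted module %s %s\n", h.File, h.Line, h.Module, h.Version)
	}
}
```

Run it against a real project's go.mod and go.sum in CI; a module named in the report should fail the build before any install step runs.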