- Three Go modules hosted on GitHub were found to contain destructive malware
- The malware is designed to wipe the entire disk of a Linux server
- The modules have since been removed from the platform
Dangerous Linux malware capable of bricking servers has been found in Go modules hosted on GitHub, researchers say.
Researchers at the cybersecurity firm Socket recently found three malicious Go modules on GitHub: github[.]com/TruthPharm/prototransform, github[.]com/Blankloggia/Go-MCP and github[.]com/Steelpoor/TLSPROXY.
The three impersonate legitimate and popular projects: prototransform (a helper for converting Protobuf data between formats), the Model Context Protocol (a protocol for connecting AI assistants to external tools and data sources) and a TLS proxy (a tool that adds TLS encryption in front of TCP and HTTP servers).
Destroying whole disks
All three behave the same way: once executed, they check whether they are running on Linux and, if so, overwrite every byte of the disk with zeros.
This effectively bricks the system, because all data on the disk is irreversibly lost. Socket notes that the disk-wiping code was heavily obfuscated and fired as soon as the malware ran, leaving practically no time to react.
“By populating the entire disk with zeros, the script completely destroys the file system structure, the operating system and all user data, rendering the system unbootable and unrecoverable,” Socket said.
BleepingComputer said the decentralized nature of the Go ecosystem “lacks proper checks”, allowing packages from different developers to carry identical or near-identical names. Threat actors abuse this model to mount typosquatting attacks, tricking developers into pulling in malicious packages instead of the ones they intended.
Once Socket discovered the malware it notified GitHub, which removed the modules from the platform. It is not known how long the modules were hosted, or how many people may have fallen victim to the attack.
Unfortunately, there is no easy way to defend against this type of attack. The best course of action is to be careful when pulling code from open-source repositories: vet the developers and their standing in the community, and check reviews and download counts before trusting a module.
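One practical way to act on the typosquatting concern and the "vet before you trust" advice above is to audit a project's go.mod before building it. The following Go program is an added example written for this page, not code from Socket, BleepingComputer or any of the projects discussed. It parses the require directives of a constructed go.mod, flags any module path on a denylist (here the three paths named in the article, spelled as the article spells them) and flags paths that sit within a small edit distance of a trusted path without being identical to it. The trusted list, the sample go.mod and the distance threshold are all assumptions for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleGoMod is a constructed go.mod, not taken from any real project.
// It mixes two vetted dependencies with one denylisted path and one
// near-miss of a well-known path.
const sampleGoMod = `module example.com/app

go 1.22

require (
	github.com/spf13/cobra v1.8.1
	github.com/blankloggia/go-mcp v0.1.0
	github.com/spf13/cobar v1.8.1 // one transposition away from cobra
	golang.org/x/crypto v0.23.0
)
`

// denylist holds the three module paths named in the article, spelled as the
// article spells them; matching is case-insensitive.
var denylist = []string{
	"github.com/TruthPharm/prototransform",
	"github.com/Blankloggia/Go-MCP",
	"github.com/Steelpoor/TLSPROXY",
}

// trusted is a hypothetical allowlist of module paths an organisation has
// vetted; in practice it comes from a dependency policy, not this file.
var trusted = []string{
	"github.com/spf13/cobra",
	"golang.org/x/crypto",
	"google.golang.org/protobuf",
}

// maxTypoDistance: an unknown path this close to a trusted one is suspicious.
const maxTypoDistance = 2

// Finding records one suspicious dependency and why it was flagged.
type Finding struct {
	Path   string
	Reason string
}

// ParseRequires returns module paths from require directives, handling both
// the single-line form and the parenthesised block form.
func ParseRequires(gomod string) []string {
	var paths []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i]) // drop trailing comments
		}
		f := strings.Fields(line)
		switch {
		case line == "":
		case line == "require (":
			inBlock = true
		case inBlock && line == ")":
			inBlock = false
		case inBlock && len(f) >= 2:
			paths = append(paths, f[0])
		case len(f) >= 3 && f[0] == "require":
			paths = append(paths, f[1])
		}
	}
	return paths
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

// Levenshtein returns the edit distance between a and b.
func Levenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	prev, cur := make([]int, len(rb)+1), make([]int, len(rb)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(ra); i++ {
		cur[0] = i
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			cur[j] = min3(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(rb)]
}

// classify returns a reason string for a suspicious path, or "" if it is
// either exactly trusted or simply unknown.
func classify(path string) string {
	for _, bad := range denylist {
		if strings.EqualFold(path, bad) {
			return "denylisted module path"
		}
	}
	lp := strings.ToLower(path)
	for _, ok := range trusted {
		if lp == strings.ToLower(ok) {
			return "" // exact match with a vetted path
		}
	}
	for _, ok := range trusted {
		if d := Levenshtein(lp, strings.ToLower(ok)); d <= maxTypoDistance {
			return fmt.Sprintf("possible typosquat of %s (edit distance %d)", ok, d)
		}
	}
	return ""
}

// Audit flags every required module that is denylisted or looks typosquatted.
func Audit(gomod string) []Finding {
	var findings []Finding
	for _, p := range ParseRequires(gomod) {
		if r := classify(p); r != "" {
			findings = append(findings, Finding{Path: p, Reason: r})
		}
	}
	return findings
}

func main() {
	for _, f := range Audit(sampleGoMod) {
		fmt.Printf("%-40s %s\n", f.Path, f.Reason)
	}
}
```

Run against the sample, the audit flags go-mcp as denylisted and cobar as a likely typosquat of cobra, while the two vetted paths pass. A name check like this is a cheap first gate, not a substitute for reviewing the module's source or for pinning checksums in go.sum; a module with a clean name can still carry the same disk-wiping payload.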
Via BleepingComputer