{"id":1806,"date":"2025-02-06T13:25:08","date_gmt":"2025-02-06T13:25:08","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1806"},"modified":"2025-02-06T13:25:08","modified_gmt":"2025-02-06T13:25:08","slug":"malicious-package-found-in-the-go-ecosystem","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1806","title":{"rendered":"Malicious package found in the Go ecosystem"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

A malicious typosquat package has been found in the\u00a0Go language<\/a>\u00a0ecosystem. The package, which contains a backdoor to enable remote code execution, was discovered by researchers at the application security company Socket.<\/p>\n

A February 3\u00a0Socket blog post<\/a>\u00a0states that the package impersonates the widely used\u00a0Bolt database module<\/a>. The BoltDB package is widely adopted in the Go ecosystem, with\u00a08,367 packages<\/a>\u00a0dependent on it, according to the blog. After the malware was cached by the Go Module Mirror, the\u00a0git\u00a0tag was strategically altered on GitHub to remove traces of malware and hide it from manual review. Developers who manually audited\u00a0github.com\/boltdb-go\/bolt\u00a0on GitHub did not find traces of malicious code. But downloading the package via the Go Module Proxy retrieved an original backdoored version. This deception went undetected for more than three years, allowing the malicious package to persist in the public repository.<\/p>\n

Continue reading on InfoWorld.<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

A malicious typosquat package has been found in the\u00a0Go language\u00a0ecosystem. The package, which contains a backdoor to enable remote code execution, was discovered by researchers at the application security company Socket. A February 3\u00a0Socket blog post\u00a0states that the package impersonates the widely used\u00a0Bolt database module. The BoltDB package is widely adopted in the Go ecosystem, […]<\/p>\n","protected":false},"author":0,"featured_media":1807,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1806","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1806"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1806"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1806\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1807"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}