In February, security researchers from Socket disclosed a new typosquatting campaign that puts developers at risk of unwittingly installing malware on Linux and macOS systems. By publishing malicious Go packages that mimic popular libraries, cybercriminals exploit common typos to spread their malware. Research led by Kirill Boychenko highlights the coordination behind these attacks, noting similarities in filenames and obfuscation techniques. The campaign saw the release of seven malicious packages, particularly affecting developers in the financial sector, which underscores the significant threat posed by typosquatting.
According to Kirill Boychenko, a senior threat intelligence analyst with Socket, the cybercriminal has published at least seven malicious packages on the Go Module Mirror caching service that impersonate popular Go libraries, including one that seems to target developers in the financial sector.
These packages share repeated malicious filenames and consistent obfuscation techniques, suggesting a coordinated threat actor capable of pivoting rapidly,
In typosquatting, bad actors give malicious files names that are similar to those of popular legitimate files, in the hope that a developer makes an error typing the name of the legitimate file.
In late February, the threat actor released four malicious packages on the Go Module Mirror that impersonate the github.com/areknoster/hypert library, which is popular with developers for testing HTTP API clients.
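A dependency check for the impersonation pattern described above, added here as an illustration and not taken from Socket's research: it scans a go.mod for required modules that reuse a trusted module's final path element under a different owner, or that sit one character away from a trusted path. The allowlist, the sample go.mod (including its versions) and the function names are assumptions constructed for the example.

```go
package main
import (
	"fmt"
	"path"
	"strings"
)
var trusted = map[string]bool{"github.com/areknoster/hypert": true} // assumed team-maintained allowlist
// sampleGoMod is constructed for this example; only the hypert path is real.
const sampleGoMod = `module example.com/payments
require (
	github.com/areknoster/hypert v0.1.0
	github.com/constructed-owner/hypert v0.1.0
	github.com/areknoster/hyperrt v0.1.0
	example.com/internal/ledger v1.0.0
)`

// nearMiss reports whether a and b differ by exactly one inserted, deleted or substituted byte.
func nearMiss(a, b string) bool {
	if len(a) > len(b) {
		a, b = b, a
	}
	if a == b || len(b)-len(a) > 1 {
		return false
	}
	i := 0
	for ; i < len(a) && a[i] == b[i]; i++ {
	}
	if len(a) == len(b) {
		return a[i+1:] == b[i+1:]
	}
	return a[i:] == b[i+1:]
}

// Suspicious lists required modules that resemble, but are not, a trusted module.
func Suspicious(gomod string) (hits []string) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) < 2 || !strings.Contains(f[0], "/") || trusted[f[0]] {
			continue
		}
		for t := range trusted {
			if path.Base(f[0]) == path.Base(t) || nearMiss(f[0], t) {
				hits = append(hits, f[0])
				break
			}
		}
	}
	return hits
}
func main() { fmt.Println(Suspicious(sampleGoMod)) }
```

Module paths that end in a major-version suffix such as /v2 would need that suffix stripped before the final-element comparison.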