A malicious version of a Go Lay package not detected online for years


  • Someone bifurcó a popular database module and equipped it with malware
  • Malicious bifurcado was stored in cache and stored indefinitely
  • Then I was creatively hidden in view of Go Go developers

Apparently, they warned a software supply chain attack aimed at developers on the Go platform, it was hiding in sight for three years to spread malware, experts warned.

Socket Security cybersecurity researchers discovered and talked publicly about the campaign, which began in 2021, when someone took a relatively popular database module called Boltdb in Github and Bifurcó. In bifurcation, they added malicious code, which gave the attacker back door to compromised computers.

Leave a Comment

Your email address will not be published. Required fields are marked *