- Three Go modules containing destructive malware were found on GitHub
- The malware was designed to wipe the entire disk of a Linux server
- The modules have been removed from the platform
Dangerous Linux malware capable of bricking systems has been found in Go modules on GitHub, experts say.
Recently, cybersecurity researchers at Socket found three Go modules on GitHub: github[.]com/truefarm/prototransform, github[.]com/blankloggia/go-mcp and github[.]com/steelpoor/tlsproxy.
All three imitate legitimate and popular projects: prototransform (which helps convert protobuf data between different formats), the Model Context Protocol (which provides encryption and hashing functionality to AI assistants) and tlsproxy (a proxy tool that provides encryption for TCP and HTTP servers).
Wiping entire disks
All three do the same thing: as soon as they run, they check whether they are executing in a Linux environment and then overwrite all data on the disk with zeros.
This effectively bricks the system, since all data on it is irreversibly lost. Socket says the disk-wiping code was "highly obfuscated" and fired as soon as the malware ran, leaving practically no time to react.
"By populating the entire disk with zeros, the script completely destroys the file system structure, the operating system and all user data, rendering the system unbootable and unrecoverable," Socket explained.
BleepingComputer says that the decentralized organization of the Go ecosystem "lacks adequate controls", which allows packages from different developers to have the same or similar names. Threat actors are abusing this model to carry out typosquatting attacks, tricking developers into downloading the wrong packages.
As soon as Socket discovered the malware, it notified GitHub, which removed the modules from the platform. It is not known how long the modules were hosted, or how many people may have fallen victim to the attack.
Unfortunately, there is no easy way to defend against this type of attack. The best course of action is to be careful when downloading code from open source repositories: thoroughly vet the developers and their standing in the community, and check reviews and download counts.
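One mechanical check that follows from the naming problem described above, added here as an example and not part of the original article or of Socket's or BleepingComputer's tooling: it parses the require block of a go.mod file and flags any module whose repository name matches an allowlisted module but is published under a different owner. The allowlist and the "trustedvendor" owner are constructed for the demo; the first two require entries are the paths named in the article.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Constructed go.mod for the demo; the first two module paths are the ones named in the article.
const sampleGoMod = `require (
	github.com/truefarm/prototransform v0.1.0
	github.com/steelpoor/tlsproxy v1.0.0
	golang.org/x/crypto v0.21.0
)`
// Hypothetical allowlist of vetted module paths (constructed; "trustedvendor" is not a real owner).
var trusted = []string{"github.com/trustedvendor/prototransform", "github.com/trustedvendor/tlsproxy", "golang.org/x/crypto"}
// requiredPaths returns the module paths listed in a go.mod `require ( ... )` block.
func requiredPaths(goMod string) []string {
	paths, inBlock := []string{}, false
	for _, line := range strings.Split(goMod, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case inBlock && len(f) >= 2 && !strings.HasPrefix(f[0], "//"):
			paths = append(paths, f[0])
		}
	}
	return paths
}

// FlagLookalikes returns required modules absent from the allowlist whose repo name (last path element) matches a trusted module's, i.e. the same package name under another owner.
func FlagLookalikes(goMod string, allow []string) []string {
	byName := map[string]string{}
	for _, t := range allow {
		byName[path.Base(t)] = t
	}
	var flagged []string
	for _, p := range requiredPaths(goMod) {
		if t, ok := byName[path.Base(p)]; ok && t != p {
			flagged = append(flagged, p)
		}
	}
	return flagged
}
func main() {
	fmt.Println("modules to verify before building:", FlagLookalikes(sampleGoMod, trusted))
}
```

A flagged path is not proof of malice, only a prompt to confirm the owner against the project's documented import path before building.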
Via BleepingComputer