A cracked malicious version of a Go package lay undetected online for years
Someone forked a popular database module and fitted it with malware The malicious fork was then cached and stored indefinitely It was then creatively hidden in plain sight to target Go developers A ...
The Register on MSN16d
Poisoned Go programming language package lay undetected for 3 years
Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks A security researcher says a backdoor masquerading as a legitimate Go programming language package used by ...
Go Module Mirror served backdoor to devs for 3+ years
A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more than ...
Hidden backdoor in Go package remained undetected for years
Go, one of the most popular programming languages alongside "traditional" standards such as Python, C, and Visual Basic, was exploited to turn legitimate open-source projects into ...