Researchers from Socket discovered a malicious typosquat package in the Go ecosystem that impersonates the widely used Bolt database module (BoltDB). The backdoored version had already been cached by the Go Module Mirror when the attacker moved the git tag on GitHub to point at clean code. Because the mirror serves a version unchanged once it has been cached, anyone who reviewed the repository at that tag saw nothing suspicious while the mirror kept handing out the cached malicious copy, and the package went unnoticed for over three years even though BoltDB itself is a dependency of many projects. Socket has petitioned to have the malicious package removed and emphasizes verifying package integrity and employing security tools to counter software supply-chain threats.
A malicious typosquat package impersonating the popular Bolt database module was found in the Go ecosystem; the backdoor it carries enables remote code execution on systems that import it.
Socket reported that the malicious version had been cached by the Go Module Mirror before the git tag was altered on GitHub, which let it evade detection for over three years.
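The reason a moved tag cannot change what the mirror serves, and the reason the swap is detectable, is that every module version is identified by the h1: hash recorded in go.sum and signed by sum.golang.org. The following is an added example written for this page, not code from Socket or from the Go project: it reimplements the h1: hash over an in-memory module zip, constructs a sample module under a hypothetical path (example.com/typosquat/bolt, chosen for illustration, not the real package) as the proxy cached it and as a rewritten tag would present it, and shows that the pinned go.sum line rejects the retagged copy.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"io"
	"sort"
	"strings"
)

// zipHash1 computes the "h1:" module hash that go.sum records and that
// sum.golang.org signs, following the scheme of golang.org/x/mod/sumdb/dirhash.Hash1:
// entries sorted by name, "<sha256 hex>  <name>\n" per entry fed into an outer
// SHA-256, and the outer digest base64-encoded. Names are "<module>@<version>/<path>".
func zipHash1(zipBytes []byte) (string, error) {
	zr, err := zip.NewReader(bytes.NewReader(zipBytes), int64(len(zipBytes)))
	if err != nil {
		return "", err
	}
	entries := append([]*zip.File(nil), zr.File...)
	sort.Slice(entries, func(i, j int) bool { return entries[i].Name < entries[j].Name })
	outer := sha256.New()
	for _, f := range entries {
		rc, err := f.Open()
		if err != nil {
			return "", err
		}
		data, err := io.ReadAll(rc)
		rc.Close()
		if err != nil {
			return "", err
		}
		fmt.Fprintf(outer, "%x  %s\n", sha256.Sum256(data), f.Name)
	}
	return "h1:" + base64.StdEncoding.EncodeToString(outer.Sum(nil)), nil
}

// verifyAgainstGoSum checks a module zip against one go.sum line
// ("<module> <version> h1:<hash>"); a mismatch is what a tag rewrite produces.
func verifyAgainstGoSum(goSumLine string, zipBytes []byte) error {
	fields := strings.Fields(goSumLine)
	if len(fields) != 3 || !strings.HasPrefix(fields[2], "h1:") {
		return fmt.Errorf("malformed go.sum line: %q", goSumLine)
	}
	got, err := zipHash1(zipBytes)
	if err != nil {
		return err
	}
	if got != fields[2] {
		return fmt.Errorf("%s@%s: go.sum pins %s, zip hashes to %s", fields[0], fields[1], fields[2], got)
	}
	return nil
}

// mustModuleZip builds an in-memory zip in the proxy's layout (sample data only).
func mustModuleZip(modulePath, version string, files map[string]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, content := range files {
		w, err := zw.Create(modulePath + "@" + version + "/" + name)
		if err != nil {
			panic(err)
		}
		io.WriteString(w, content)
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// Constructed sample under a hypothetical module path (not the real package):
// one version string, once as the proxy cached it and once as the moved git
// tag now presents it. A single added line is enough to change the hash.
const samplePath, sampleVersion = "example.com/typosquat/bolt", "v1.3.1"

var (
	cachedFiles = map[string]string{
		"go.mod":  "module " + samplePath + "\n\ngo 1.20\n",
		"bolt.go": "package bolt\n\nfunc Open() {}\n",
	}
	retaggedFiles = map[string]string{
		"go.mod":  cachedFiles["go.mod"],
		"bolt.go": cachedFiles["bolt.go"] + "\n// tag moved after the proxy cached it\n",
	}
)

func main() {
	cachedZip := mustModuleZip(samplePath, sampleVersion, cachedFiles)
	cachedSum, _ := zipHash1(cachedZip) // what go.sum / sum.golang.org pinned
	goSumLine := samplePath + " " + sampleVersion + " " + cachedSum
	fmt.Println("cached zip:  ", verifyAgainstGoSum(goSumLine, cachedZip))
	fmt.Println("retagged zip:", verifyAgainstGoSum(goSumLine, mustModuleZip(samplePath, sampleVersion, retaggedFiles)))
}
```

Against a real dependency the two inputs come from the go tool rather than from constructed zips: run go mod download -json module@version once with GOPROXY=https://proxy.golang.org and once with GOPROXY=direct, and compare the Sum fields; a difference, or a checksum-mismatch error from the direct download, means the tag no longer points at what the mirror cached. Note the limits of the check: it tells you the two copies differ, not which one is malicious, and it does nothing about the typosquat itself, which is a wrong module path rather than a wrong hash and has to be caught by reviewing import paths against the upstream project's canonical path.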