Malicious Go Crypto Module Steals Passwords, Deploys Backdoor
A dangerous supply chain attack is targeting Malicious Go Crypto Module developers worldwide. Threat actors have released a fake Go module that impersonates the trusted golang.org/x/crypto library. This malicious package steals sensitive passwords and quietly installs a Linux backdoor called Rekoobe on infected systems. This incident highlights a growing threat: even popular, familiar dependencies can…