wget to Wipeout: Malicious Go Modules Fetch Destructive Payload

SUMMARY :

Socket's research team discovered a supply-chain attack targeting Go developers through three malicious modules: prototransform, go-mcp, and tlsproxy. These modules used obfuscation techniques to deliver a disk-wiping payload, exploiting the open nature of Go's ecosystem. The attack leveraged namespace confusion and array-based string obfuscation to appear legitimate. Upon execution, the payload fetched a destructive shell script that irreversibly overwrote the entire primary storage device with zeros, causing complete data loss and system failure. This attack highlights the critical need for proactive security measures in software supply chains, especially for projects relying on external open-source dependencies.

OPENCTI LABELS :

linux,obfuscation,data destruction,disk-wiper,go modules,namespace confusion,supply-chain attack


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


wget to Wipeout: Malicious Go Modules Fetch Destructive Payload