A recent supply-chain attack has targeted Linux servers with destructive disk-wiping malware disguised within malicious Go modules on GitHub. This campaign, identified by researchers, employs highly obfuscated code that executes a payload designed to irreversibly wipe critical system data. The attack has severe implications, leading to total data loss and system failure, primarily affecting Linux-based server environments.
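As an added example (not code from the page, the researchers, or any of the modules involved), the following Go program shows one way a defender can triage a newly vendored module for the kind of obfuscation described above: an os/exec invocation whose command is assembled at runtime rather than written as a literal, and large tables of one-byte values that get decoded into a string later. The two heuristics, the threshold constant and the embedded sample file are assumptions constructed for this example; the tool relies only on the standard library's go/ast parser.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

type Finding struct {
	Pos    string // file:line:col of the flagged node
	Reason string
}

const fragmentThreshold = 16 // assumed cut-off for a "large" byte table; tune per code base

// scanSource parses one Go file (given as text) and reports two shapes that
// string-obfuscated droppers tend to share: os/exec calls whose program or
// arguments are built at runtime, and big tables of one-byte literals.
// Both are heuristics, so a finding is a prompt for human review, not a verdict.
func scanSource(filename, src string) ([]Finding, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	ast.Inspect(f, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.CallExpr:
			if name, dynamic := nonLiteralExecCall(x); dynamic {
				findings = append(findings, Finding{Pos: fset.Position(x.Pos()).String(), Reason: "exec." + name + " called with a non-literal program or argument"})
			}
		case *ast.CompositeLit:
			if len(x.Elts) >= fragmentThreshold && allTinyLiterals(x.Elts) {
				findings = append(findings, Finding{Pos: fset.Position(x.Pos()).String(), Reason: fmt.Sprintf("table of %d one-byte literals (possible fragmented payload)", len(x.Elts))})
			}
		}
		return true
	})
	return findings, nil
}

// nonLiteralExecCall reports whether call is exec.Command/CommandContext with a program or argument that is not a string literal.
func nonLiteralExecCall(call *ast.CallExpr) (string, bool) {
	sel, ok := call.Fun.(*ast.SelectorExpr)
	if !ok {
		return "", false
	}
	pkg, isIdent := sel.X.(*ast.Ident)
	name := sel.Sel.Name
	if !isIdent || pkg.Name != "exec" || (name != "Command" && name != "CommandContext") {
		return "", false
	}
	args := call.Args
	if name == "CommandContext" && len(args) > 0 {
		args = args[1:] // the first argument is the context, not a command word
	}
	for _, a := range args {
		if lit, ok := a.(*ast.BasicLit); !ok || lit.Kind != token.STRING {
			return name, true
		}
	}
	return name, false
}

// allTinyLiterals is true when every element is an int or rune literal,
// the shape of a byte table that hides a string.
func allTinyLiterals(elts []ast.Expr) bool {
	for _, e := range elts {
		lit, ok := e.(*ast.BasicLit)
		if !ok || (lit.Kind != token.INT && lit.Kind != token.CHAR) {
			return false
		}
	}
	return true
}

// sampleSrc is a constructed input for the demo; it is not code from any real module.
const sampleSrc = `package main

import "os/exec"

func run() {
	parts := []string{"s", "h"}
	cmd := parts[0] + parts[1]
	exec.Command(cmd, "-c", "echo hi").Run()
}

var table = []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18}
`

func main() {
	findings, err := scanSource("sample.go", sampleSrc)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s\n", f.Pos, f.Reason)
	}
}
```

Running it on the embedded sample reports the dynamically built exec.Command call and the 18-element byte table; a file whose exec calls use only string literals produces no findings. To use it on a real checkout, call scanSource on each .go file under the module directory and review every hit by hand.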
Key points:
- The supply-chain attack specifically targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.
- Three malicious Go modules contained obfuscated code that executed a destructive Bash script, leading to complete data loss.
- The payload utilizes a "dd" command to overwrite the disk with zeroes, permanently destroying the file system and user data.
- The targeted primary storage volume, /dev/sda, holds essential system data, making the attack particularly damaging.
- The malicious modules impersonated legitimate projects to evade detection and were removed from GitHub following the attack's discovery.
- Socket researchers warn that even minimal exposure to these malicious modules can have catastrophic consequences for affected systems.
- The decentralized nature of the Go ecosystem allows attackers to create convincing module names, increasing the risk of integration into developer projects.
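The last point is the one a developer can act on before a module ever gets built. As an added example (not code from the page or from Socket), the Go program below reads a go.mod, lists every required module, and compares each one against a trusted allowlist: a module whose repository name matches a trusted module's name (ignoring case and separators) but whose full path differs is reported as a lookalike, and anything else not on the list is reported as unlisted. The go.mod contents, the module paths (apart from golang.org/x/crypto) and the allowlist are constructed for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one required module to examine before the build is trusted.
type Finding struct {
	Module string
	Kind   string // "lookalike" or "unlisted"
	Near   string // for lookalikes, the trusted module it resembles
}

// parseRequires returns the module paths named by a go.mod's require
// directives (single-line and block form), ignoring versions and comments.
func parseRequires(gomod string) []string {
	var mods []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i]) // drop "// indirect" and similar
		}
		switch {
		case line == "require (":
			inBlock = true
		case inBlock && line == ")":
			inBlock = false
		case inBlock && line != "":
			mods = append(mods, strings.Fields(line)[0])
		case strings.HasPrefix(line, "require "):
			if f := strings.Fields(line); len(f) >= 2 {
				mods = append(mods, f[1])
			}
		}
	}
	return mods
}

// repoKey reduces a module path to its lowercased final element with
// separators removed, so "conf-parse", "conf_parse" and "ConfParse" all
// map to "confparse".
func repoKey(modPath string) string {
	var b strings.Builder
	for _, r := range strings.ToLower(modPath[strings.LastIndex(modPath, "/")+1:]) {
		if r != '-' && r != '_' && r != '.' {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// auditRequires checks each required module against an allowlist. Exact
// matches pass; a module whose repository name matches a trusted module's
// name but whose full path differs is a lookalike; the rest are unlisted.
func auditRequires(mods, trusted []string) []Finding {
	var out []Finding
	for _, m := range mods {
		f := Finding{Module: m, Kind: "unlisted"}
		for _, t := range trusted {
			if m == t {
				f.Kind = "trusted"
				break
			}
			if repoKey(m) == repoKey(t) {
				f.Kind, f.Near = "lookalike", t
			}
		}
		if f.Kind != "trusted" {
			out = append(out, f)
		}
	}
	return out
}

// Constructed inputs: apart from golang.org/x/crypto, the module paths and
// the allowlist are made up for this example.
const sampleGoMod = `module example.com/app

require github.com/example-org/confparse v1.2.0

require (
	github.com/sample-user/confparse v0.1.0
	github.com/sample-user/conf-parse v0.1.0 // indirect
	golang.org/x/crypto v0.30.0
	github.com/unrelated/zlibtool v1.0.0
)
`

var trustedModules = []string{"github.com/example-org/confparse", "golang.org/x/crypto"}

func main() {
	for _, f := range auditRequires(parseRequires(sampleGoMod), trustedModules) {
		fmt.Printf("%-40s %-9s %s\n", f.Module, f.Kind, f.Near)
	}
}
```

On the sample go.mod the audit flags the two confparse lookalikes published under a different owner and lists zlibtool as unlisted, while the two allowlisted modules pass silently. The allowlist is the policy: it belongs in the repository next to go.mod, and the check fits naturally into CI so that a new or renamed dependency is reviewed before it is compiled.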