Cybersecurity researchers have uncovered 11 malicious Go packages that download and execute remote payloads on Windows and Linux systems, posing significant supply chain risks. Additionally, two npm packages impersonating WhatsApp libraries feature a kill switch and exfiltrate device data, highlighting ongoing threats in open-source ecosystems. #GoPackages #NpmMalware
Keypoints
- The malicious Go packages can fetch and execute second-stage binaries, compromising Windows and Linux systems.
- The packages contain obfuscated loaders that target host information, web browser data, and command-and-control communication.
- Cyberattackers exploit the decentralized Go ecosystemβs trust by naming malicious modules to appear legitimate.
- The npm packages naya-flore and nvlore-hsc mimic WhatsApp libraries and include a remote kill switch feature.
- Security researchers warn of ongoing supply chain threats from open-source repositories with obfuscated and malicious code.
Read More: https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html