Recent cybersecurity research has uncovered three malicious Go modules that can irrevocably damage Linux systems by overwriting the primary disk, rendering them unbootable. The threat highlights the dangers of supply-chain attacks that exploit seemingly trusted code. Researchers also discovered additional malicious npm and PyPI packages targeting sensitive data. This situation demands urgent attention and preventive measures from developers and organizations to ensure software integrity and security.
Key points:
- Three malicious Go modules discovered: `prototransform`, `go-mcp`, and `tlsproxy` contain obfuscated code that can overwrite Linux system disks.
- The destructive payload irreversibly erases data on the primary disk, making recovery impossible.
- Other malicious npm packages identified include ones targeting cryptocurrency wallets and capable of data theft, with notable downloads since 2024.
- Several PyPI packages used Gmail's SMTP servers for data exfiltration and remote command execution, leveraging trusted domains to avoid detection.
- Recommendations for developers include verifying package authenticity, auditing dependencies, and monitoring for unusual outbound connections.
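
One way to start the dependency audit recommended above, as an added example that is not code from the article or the researchers: a small Go check that scans `go.mod` text for `require` entries and `replace` targets whose final path element matches the three module names listed. The article gives only short names, so a hit is a prompt to verify the module's owner and source; `Audit`, `watch`, `sample` and every `example.test` path are constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Short names from the article; it gives no full module paths, so a hit means
// "verify the owner and source", not "confirmed malicious".
var watch = map[string]bool{"prototransform": true, "go-mcp": true, "tlsproxy": true}
var vN = regexp.MustCompile(`/v[0-9]+$`) // trailing major-version suffix

// Constructed sample go.mod; every example.test path is a placeholder.
const sample = `module example.test/app
require example.test/lib v1.0.0
require (
	example.test/someone/tlsproxy v0.1.0 // indirect
	example.test/other/go-mcp/v2 v2.0.1
)
replace example.test/lib => example.test/fork/prototransform v0.0.3`

// Audit lists watchlisted require entries and replace targets in go.mod text.
func Audit(gomod string) (hits []string) {
	block := "" // directive of the enclosing "( ... )" block, if any
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//")    // drop comments
		f := strings.Fields(block + " " + line) // f[0] is always the directive
		if _, rhs, ok := strings.Cut(line, "=>"); ok {
			f = append(f[:1], strings.Fields(rhs)...) // replace: the target is what gets built
		}
		switch {
		case len(f) < 2: // blank or bare line
		case f[1] == "(":
			block = f[0]
		case f[1] == ")":
			block = ""
		case (f[0] == "require" || f[0] == "replace") &&
			watch[path.Base(vN.ReplaceAllString(f[1], ""))]:
			hits = append(hits, strings.Join(f, " "))
		}
	}
	return hits
}

func main() { fmt.Println(strings.Join(Audit(sample), "\n")) }
```

Checking `replace` targets matters because a replacement silently changes which code is built for an otherwise familiar import path.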
Read More: https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html