Linux, macOS Users Infected With Malware Posing As Legitimate Go Packages
CSO Online, Friday, March 7th, 2025
Threat actors are typosquatting popular Go packages such as Hypert and Layout to drop malware on Linux and macOS systems.
In a new typosquatting campaign, threat actors are seen using malicious Go packages posing as popular libraries to install malware on unsuspecting Linux and macOS systems.
Researchers from the software supply chain cybersecurity platform, Socket, found seven packages impersonating widely used Go libraries like Hypert and Layout to trick developers.
'These packages share repeated malicious filenames and consistent obfuscation techniques, suggesting a coordinated threat actor capable of pivoting rapidly,' Socket researchers said in a blog post.