
Malicious Go Packages Expose Cross-Platform Supply Chain Risks
Researchers at Socket have identified 11 malicious Go packages designed to download and execute additional payloads from remote servers on both Windows and Linux systems. These packages silently launch a shell upon execution, retrieve a second-stage payload from interchangeable C2 servers (.icu and .tech domains), and execute it in memory.

This discovery highlights the growing threat of supply chain attacks, where malicious code is introduced through third-party dependencies. The cross-platform nature of these packages expands the attack surface, necessitating broader awareness and defensive strategies. The use of in-memory execution and silent operation indicates a sophisticated attack designed to evade traditional detection mechanisms.

Cybersecurity professionals must implement advanced monitoring and detection tools to identify such anomalies. Organizations should also have robust incident response plans to handle supply chain attacks and in-memory malware effectively. The discovery also underscores the importance of verifying the integrity and source of packages before integration.
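One way to screen a dependency's source before integration, shown as an added example that is not code from Socket or from the packages described: it parses Go source and flags an `os/exec` import together with plain string literals holding a URL on a .icu or .tech host. The names `Audit` and `sample`, the sample file and its host are constructed placeholders, and the check is a heuristic over unobfuscated literals only.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"net/url"
	"strconv"
	"strings"
)

// Constructed sample of a dependency source file; the host is a placeholder, not an indicator.
const sample = `package helper
import "os/exec"
const endpoint = "https://c2-placeholder.icu/stage2"
func init() { exec.Command("sh", "-c", "echo "+endpoint).Run() }
`

// Audit (hypothetical helper) reports os/exec imports and URL literals on .icu or .tech hosts.
func Audit(name, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, name, src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		if imp, ok := n.(*ast.ImportSpec); ok && imp.Path.Value == `"os/exec"` {
			out = append(out, fmt.Sprintf("%s:%d imports os/exec", name, fset.Position(imp.Pos()).Line))
		}
		lit, ok := n.(*ast.BasicLit)
		if !ok || lit.Kind != token.STRING {
			return true
		}
		val, _ := strconv.Unquote(lit.Value)
		// A literal may hold a whole command line, so test each whitespace-separated word.
		for _, word := range strings.Fields(strings.ToLower(val)) {
			u, err := url.Parse(word)
			if err == nil && (strings.HasSuffix(u.Hostname(), ".icu") || strings.HasSuffix(u.Hostname(), ".tech")) {
				out = append(out, fmt.Sprintf("%s:%d URL on watched TLD: %s", name, fset.Position(lit.Pos()).Line, u.Hostname()))
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(Audit("helper.go", sample)) }
```

A hit is a prompt for manual review of the package, not a verdict; many legitimate modules import `os/exec`.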