Linux wiper malware hidden in malicious Go modules on GitHub

Published on: 2025-07-24 23:13:16

A supply-chain attack targets Linux servers with disk-wiping malware hidden in Golang modules published on GitHub.

The campaign was detected last month and relied on three malicious Go modules that included “highly obfuscated code” for retrieving remote payloads and executing them.

Complete disk destruction

The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload, a Bash script named done.sh, runs a ‘dd’ command for the file-wiping activity.

Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute.

An analysis from supply-chain security company Socket shows that the command overwrites every byte of data with zeroes, leading to irreversible data loss and system failure.

The target is the primary storage volume, /dev/sda, that holds critical system data, user files, databases, and configurations.

“By populating the entire disk with zeros, the script compl ...
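For teams auditing a module cache or vendor directory, the two behaviours described above (a Linux-only gate next to process execution, and a script that points dd at a raw block device) can be turned into a triage scan. This is an added example, not code from the article or from Socket. The regular expressions and the `Findings` function are assumptions of this example; they will not see through the obfuscation the article mentions and only flag files for manual review.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Heuristic patterns (assumptions of this example, not Socket's detection rules).
var (
	osGate   = regexp.MustCompile(`runtime\.GOOS\s*==\s*"linux"`)
	execCall = regexp.MustCompile(`exec\.Command(Context)?\(`)
	ddToDisk = regexp.MustCompile(`\bdd\b[^\n]*\bof=/dev/(sd|vd|xvd|nvme|mmcblk)\w*`)
)

// Findings returns the reasons a file's content deserves manual review.
func Findings(name, content string) []string {
	var out []string
	// A platform check alone is common; it is the pairing with exec that is notable.
	if strings.HasSuffix(name, ".go") && osGate.MatchString(content) && execCall.MatchString(content) {
		out = append(out, "Linux-only gate combined with process execution")
	}
	// Any file type: a dd invocation whose output is a whole-disk device node.
	if ddToDisk.MatchString(content) {
		out = append(out, "dd writing to a raw block device")
	}
	return out
}

func main() {
	root := "." // directory to scan, e.g. a vendor/ tree or the module cache
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return nil // skip unreadable entries and directories
		}
		if b, rerr := os.ReadFile(p); rerr == nil {
			for _, f := range Findings(p, string(b)) {
				fmt.Printf("%s: %s\n", p, f)
			}
		}
		return nil
	})
}
```

Run it against the directory to audit, for example `go run . ./vendor`; each output line names a file and the reason it was flagged.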