Linux wiper malware hidden in malicious Go modules on GitHub (bleepingcomputer.com) 22 points by elpocko 1y ago ↗ HN
[–] rgoulter 1y ago ↗ I'd suggest the original article makes for better reading. https://socket.dev/blog/wget-to-wipeout-malicious-go-modules... [–] [dead] throawayonthe 1y ago ↗ [dead]
[–] jqpabc123 1y ago ↗ The open source supply chain is obviously highly vulnerable to this sort of attack.Less obvious is the motivation in this particular case. Why destroy someone's data with no real gain from it? [–] hammyhavoc 1y ago ↗ Because open source represents a threat to someone's business model versus encouraging big spenders to buy wholly proprietary solutions.
[–] hammyhavoc 1y ago ↗ Because open source represents a threat to someone's business model versus encouraging big spenders to buy wholly proprietary solutions.
[–] pants2 1y ago ↗ How does this get executed in practice? To my knowledge, simply go getting a package doesn't execute any code, so perhaps this has to run when the user imports the package in a running Go program?
5 comments
[ 2.7 ms ] story [ 23.3 ms ] threadLess obvious is the motivation in this particular case. Why destroy someone's data with no real gain from it?