Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Description

Cybersecurity researchers have discovered three malicious Go modules containing obfuscated code that fetches next-stage payloads capable of irrevocably overwriting a Linux system's primary disk and rendering it unbootable. The three modules are:

- github[.]com/truthfulpharm/prototransform
- github[.]com/blankloggia/go-mcp
- github[.]com/steelpoor/tlsproxy

"Despite appearing legitimate, these modules contained highly obfuscated code designed to fetch and execute remote payloads," Socket researcher Kush Pandya said.

The modules first check whether they are running on Linux and, if so, retrieve a next-stage payload from a remote server using wget. That payload is a destructive shell script that overwrites the entire primary disk ("/dev/sda") with zeroes, leaving the machine unable to boot. Because the overwrite is applied directly to the block device rather than to files, deleting the module afterwards does nothing to undo it, and any recovery has to come from backups held off the affected host.

"This destructive method ensures no data recovery tool or forensic process can restore the data, as it directly and irreversibly overwrites it," Pandya said. "This malicious script leaves targeted Linux servers or developer environments entirely crippled, highlighting the extreme danger posed by modern supply-chain attacks that can turn seemingly trusted code into devastating threats."

The disclosure comes as multiple malicious npm packages have been identified in the registry with features to steal mnemonic seed phrases and private cryptocurrency keys and exfiltrate sensitive data. The list of the packages, identified by Socket,…
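A practical first response to a report like this is to check whether any of the named module paths already appear in a project's dependency graph, and to look for the behavioural pattern the article describes (a Linux-only gate followed by an exec of a downloader, or code that touches the raw primary disk) in vendored or cached module source. The Go program below is an added example written for this page, not code from Socket or from the reported modules: it parses go.sum-style lines against a blocklist of the three module paths named above (written with a real dot, as go.sum would contain them) and runs a handful of regular-expression indicators over a source blob. The go.sum fragment, its placeholder versions and hashes, and the source snippet in main are constructed for the demonstration; the `dd if=/dev/zero` pattern is an assumption about how a zero-fill of /dev/sda is commonly written, since the article does not quote the script.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// knownBadModules holds the three module paths named in the article.
var knownBadModules = map[string]bool{
	"github.com/truthfulpharm/prototransform": true,
	"github.com/blankloggia/go-mcp":           true,
	"github.com/steelpoor/tlsproxy":           true,
}

// FindKnownBadModules parses go.sum-style lines ("<module> <version> <hash>")
// and returns the sorted, de-duplicated module paths that are on the blocklist.
// Versions are ignored on purpose: any version of these modules is a finding.
func FindKnownBadModules(goSum string) []string {
	seen := map[string]bool{}
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) < 2 {
			continue // blank or malformed line
		}
		if knownBadModules[fields[0]] {
			seen[fields[0]] = true
		}
	}
	out := make([]string, 0, len(seen))
	for m := range seen {
		out = append(out, m)
	}
	sort.Strings(out)
	return out
}

// behaviourPatterns are indicators derived from the article's description:
// a Linux OS gate, a downloader launched through os/exec, a reference to the
// raw primary disk device, and (an assumption, not quoted by the article) a
// dd zero-fill, which is the usual way such a wipe is written.
var behaviourPatterns = []struct {
	name string
	re   *regexp.Regexp
}{
	{"linux-os-gate", regexp.MustCompile(`runtime\.GOOS\s*==\s*"linux"`)},
	{"exec-downloader", regexp.MustCompile(`exec\.Command\([^)]*"(wget|curl)"`)},
	{"raw-disk-write", regexp.MustCompile(`/dev/sd[a-z]\b`)},
	{"dd-zero-fill", regexp.MustCompile(`dd\s+if=/dev/zero`)},
}

// ScanSource returns the names of the behavioural patterns found in a source
// blob, in the fixed order of behaviourPatterns. A single hit is only a lead;
// the combination of an OS gate with a downloader is what the article describes.
func ScanSource(src string) []string {
	var hits []string
	for _, p := range behaviourPatterns {
		if p.re.MatchString(src) {
			hits = append(hits, p.name)
		}
	}
	return hits
}

func main() {
	// Constructed go.sum fragment; versions and hashes are placeholders, not real values.
	goSum := `github.com/blankloggia/go-mcp v0.0.0 h1:PLACEHOLDER
github.com/blankloggia/go-mcp v0.0.0/go.mod h1:PLACEHOLDER
golang.org/x/sys v0.0.0 h1:PLACEHOLDER
`
	fmt.Println("blocklisted modules:", FindKnownBadModules(goSum))

	// Constructed source fragment mimicking the described behaviour; it is only scanned, never run.
	src := `if runtime.GOOS == "linux" { exec.Command("wget", "-O", "/tmp/x", u).Run() }`
	fmt.Println("behavioural hits:", ScanSource(src))
}
```

Run it against a real project with `go run scan.go` after pointing `goSum` at the contents of the project's go.sum and `src` at files under `$GOPATH/pkg/mod`; the module-path check is exact and cheap, while the behavioural scan is a triage aid that will flag legitimate tooling too and needs a human look at each hit.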
