Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems.

"At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security researcher Olivia Brown said .

The list of identified packages is below -

github.com/stripedconsu/linker

github.com/agitatedleopa/stm

github.com/expertsandba/opt

github.com/wetteepee/hcloud-ip-floater

github.com/weightycine/replika

github.com/ordinarymea/tnsr_ids

github.com/ordinarymea/TNSR_IDS

github.com/cavernouskina/mcp-go

github.com/lastnymph/gouid

github.com/sinfulsky/gouid

gith

See Full Page