Google’s mirror proxy for Go programming language developers promoted a backdoored package for over three years. The service, Go Module Mirror, fastens and verifies downloads’ compatibility. However, since November 2021, a maliciously named file has been hosted on it, potentially misleading developers to download it instead of the intended file. The service had cached the malicious file for three years, leading to its continued availability despite changes to the original source.
Novel SSH backdoor leveraged in Chinese cyberespionage attacks
The new Coyote trojan variant attack uses a LNK file to execute a PowerShell command, which helps retrieve a PowerShell script for launching the trojan.
