this post was submitted on 05 May 2025
197 points (98.5% liked)

Linux

54498 readers
584 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
nooter692@lemmy.ml
MarcellusDrum@lemmy.ml
cypherpunks@lemmy.ml
cyclohexane@lemmy.ml
d3Xt3r@lemmy.nz
197
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (thehackernews.com)
submitted 3 weeks ago* (last edited 3 weeks ago) by abobla@lemm.ee to c/linux@lemmy.ml
15 comments fedilink hide all child comments
 

Packages:

  • github.com/truthfulpharm/prototransform
  • github.com/blankloggia/go-mcp
  • github.com/steelpoor/tlsproxy
all 16 comments
sorted by: hot top controversial new old
[–] HelloRoot@lemy.lol 79 points 3 weeks ago (2 children)

Aaah finally, malware for Linux, truly the year of the Linux Desktop!

[–] Ahrotahntee@lemmy.ca 35 points 3 weeks ago

We made it! I never thought I'd live to see this day!

[–] FriendBesto@lemmy.ml 1 points 2 weeks ago

Notice me Hacker Senpai!

[–] vegetvs@kbin.earth 66 points 3 weeks ago (1 children)

The Go programming language allows developers to fetch modules directly from version control platforms like GitHub.

This is absolutely not just specific to Go.

[–] krakenfury@lemmy.sdf.org 38 points 3 weeks ago (1 children)
  • PyPi
  • npm
  • Maven Central
  • Docker Hub
  • Artifact Hub
  • PPA
  • AUR

The problem isn't specific to anything. It's also not specific to malware. Vulnerabilities are just as dangerous, if not more so.

[–] FurryMemesAccount@lemmy.blahaj.zone 7 points 3 weeks ago (1 children)

Cargo also has a --git option but I suppose it's not default behavior

[–] krakenfury@lemmy.sdf.org 2 points 3 weeks ago (1 children)

Sure! My point is that hosting doesn't really matter, though. Malware and vulnerabilities are introduced at all points of supply chains.

[–] FurryMemesAccount@lemmy.blahaj.zone 3 points 3 weeks ago

I agree, I was just giving another example to raise awareness about that feature of rust.

[–] fluxion@lemmy.world 34 points 3 weeks ago

This is why we can't have nice things

[–] UnfortunateShort@lemmy.world 17 points 3 weeks ago (1 children)

Any intel on affected, high-profile software?

[–] MoonMelon@lemmy.ml 15 points 3 weeks ago (1 children)

I found the original blog post more educational.

Looks like these may be typosquats, or at least "namespace obfuscation", imitating more popular packages. So hopefully not too widespread. I think it's easy to just search for a package name and copy/paste the first .git files, but it's important to look at forks/stars/issue numbers too. Maybe I'm just paranoid but I always creep on the owners of git repos a little before I include their stuff, but I can't say I do that for their includes and those includes etc. Like if this was included in hugo or something huge I would just be fucked.

[–] catloaf@lemm.ee 10 points 3 weeks ago (1 children)

The really fun version of that is when people take some of the hallucinated package names from an LLM and create them, but with malware.

[–] tomatoely@sh.itjust.works 4 points 3 weeks ago* (last edited 3 weeks ago)

If anyone is curious, I checked the yay aur helper go dependencies here and it had none of the malicious packages mentioned on this post

[–] OctaviaMeowzly@lemmy.blahaj.zone 1 points 3 weeks ago

Halloween documents pt 2