Researchers from Socket have uncovered a malicious Go module that impersonates the widely trusted golang.org/x/crypto package. The rogue module, published on GitHub [.]com/xinfeisoft/crypto, copies the structure of the legitimate cryptography library but secretly inserts a backdoor into the ssh/terminal/terminal.go file. The real golang.org/x/crypto repository provides essential cryptographic functions, including bcrypt, argon2, chacha20, and SSH utilities. […] The post Compromised Go Crypto Package Delivers Rekoobe Malware To Dev Systems appeared first on Cyber Security News.