A highly deceptive software supply chain attack has been uncovered in the Go ecosystem, weaponizing a simple typo to distribute a DNS-based backdoor. Security researchers at Socket recently identified a malicious Go module named github.com/shopsprint/decimal. This package is a typosquat of the massively popular Shopspring/decimal library, altering just the final letter to trick developers into […]
The post Single-Letter Go Module Typosquat Spreads DNS-Based Backdoor appeared first on Cyber Security News.