Trust Betrayed: A Malicious Go Package Is a Brute-Force Tool and a Data Thief
Experts at Socket have uncovered a malicious Go package named golang-random-ip-ssh-bruteforce, which masquerades as a tool for brute-forcing SSH credentials but in reality exfiltrates them to its author via Telegram. The module’s logic is...
