Malicious Go Module Impersonates crypto Library to Deploy Rekoobe Backdoor

A Supply Chain Attack Hiding in Plain Sight A malicious Go module named github.com/xinfeisoft/crypto has been discovered impersonating the widely-used golang.org/x/crypto library. The module intercepts SSH password input, exfiltrates credentials to a...