Socket uncovers 11 malicious Go packages with obfuscated payloads targeting Linux/Windows. AI-generated npm malware & supply chain attacks surge.

Continue reading
Security researchers from Socket have identified a sophisticated supply chain attack involving eleven malicious Go packages that utilize string-array obfuscation techniques to silently execute remote payloads at runtime. The campaign, discovered in August 2025, represents a significant escalation in supply chain compromise tactics, targeting both Linux CI servers and Windows development workstations.
The malicious packages employ advanced obfuscation methodologies that conceal shell commands and leverage system utilities including `/bin/sh` on Linux systems and `certutil.exe` on Windows environments. At runtime, the compromised code spawns shells and retrieves second-stage ELF binaries and Portable Executable (PE) files from command-and-control endpoints using interchangeable .icu and .tech domains.
Compromised Package Inventory:
Eight of the eleven packages represent typosquatting attempts, designed to exploit developer confusion and typing errors when searching for legitimate modules. The attack leverages the decentralized nature of the Go ecosystem, where modules can be directly imported from GitHub repositories, creating significant opportunities for malicious actors to distribute compromised code.
Analysis reveals the packages are likely the work of a single coordinated threat actor, evidenced by C2 infrastructure reuse and consistent code formatting patterns. The campaign exploits the Go Module Mirror's caching mechanism, similar to tactics previously observed in the BoltDB compromise that persisted undetected for over three years.
The npm package @kodane/patch-manager represents a concerning evolution in supply chain attacks, utilizing AI-generated code to create sophisticated cryptocurrency wallet draining malware. Published on July 28, 2025, the package accumulated over 1,500 downloads before takedown, demonstrating the effectiveness of AI-assisted social engineering.
Security researchers identified telltale signs of AI generation, including excessive console logs, emojis in code comments, and the repeated use of terms like "Enhanced" - patterns characteristic of Claude AI assistance. The malware employed post-install scripts to rename and hide files across macOS, Linux, and Windows systems, achieving persistence through the background execution of connection pooling scripts.
Two malicious npm packages, naya-flore and nvlore-hsc, masquerade as WhatsApp development libraries while incorporating destructive data-wiping capabilities. The packages implement a phone number-based kill switch mechanism that recursively deletes files using the `rm -rf *` command for systems not matching predefined Indonesian phone number lists.
The packages contain dormant data exfiltration functions capable of stealing device identifiers, phone numbers, and authentication tokens. Despite Socket filing takedown requests, both packages remain available on the npm registry, highlighting persistent gaps in repository security oversight.
Security researchers discovered two malicious RubyGems packages - fastlane-plugin-telegram-proxy and fastlane-plugin-proxy_telegram - that redirect Telegram API traffic through attacker-controlled Cloudflare Workers infrastructure. The packages closely mimic legitimate Fastlane plugins while surreptitiously rerouting communications to rough-breeze-0c37[.]buidanhnam95[.]workers[.]dev.
The campaign targets mobile application CI/CD pipelines, intercepting bot tokens, chat identifiers, message content, and uploaded files. The timing of the attack, occurring shortly after Vietnam's nationwide Telegram ban, suggests a geopolitically motivated targeting strategy.
The flaw exploits the `chrome.devtools.inspectedWindow.reload` function's inadequate verification mechanisms, allowing malicious extensions to execute code on about:blank pages that inherit WebUI permissions. Security researchers demonstrated practical exploitation scenarios involving malicious Chrome extensions that leverage DevTools APIs for remote code execution in browser privilege contexts.[9]
South Africa's National Treasury confirmed compromise of its Infrastructure Reporting Model platform, though swift isolation prevented service disruption. The campaign demonstrates advanced threat actor capabilities in exploiting unpatched enterprise systems across developing digital infrastructures.
Darktrace Threat Research documented extensive exploitation of multiple zero-day vulnerabilities by Chinese-nexus threat actors throughout early 2025. Notable exploits include:
The Trimble Cityworks exploitation particularly concerns critical national infrastructure, as the asset management system serves local governments, utilities, airports, and public works agencies. Darktrace observed suspicious file downloads from 192.210.239[.]172:3219/z44.exe, later linked to Chinese threat actors targeting U.S. government entities.
The BlindEagle (APT-C-36) group demonstrated sustained targeting of Latin American organizations from February through June 2025, according to Darktrace threat intelligence. The campaign involved sophisticated social engineering and custom malware deployment against regional government and private sector targets.
International law enforcement agencies successfully dismantled BlackSuit ransomware infrastructure, seizing .onion domains and negotiation portals. The operation involved collaboration between U.K., U.S., German, Dutch, Ukrainian authorities, Europol, and Bitdefender's Draco Team.
Visitors to previously active BlackSuit domains now encounter seizure notices from U.S. Homeland Security Investigations, marking a significant disruption to ransomware-as-a-service operations. The takedown demonstrates increasing effectiveness of public-private collaboration in combating dark web criminal infrastructure.
Governor Tim Walz activated Minnesota's National Guard cyber defense team following a "deliberate and coordinated" cyberattack on Saint Paul city systems. The attack, occurring July 25, 2025, crippled municipal IT infrastructure and disrupted online services affecting over 311,000 residents.
Emergency services remained operational through manual processes while digital services including online payments and library operations were taken offline. The attack's scale overwhelmed both internal IT resources and commercial cybersecurity providers, necessitating military cyber support.
Generative AI adoption in cybercrime includes:
McKinsey research indicates that 47% of organizations cite advancement of adversarial capabilities as their primary GenAI security concern, while 42% experienced successful social engineering attacks in the past year.
Security researchers document increasing sophistication in AI system compromise techniques, including adversarial inputs designed to trick AI models into incorrect decisions, data poisoning attacks targeting training datasets, and model inversion techniques revealing sensitive information.
Prompt injection attacks against generative AI systems use harmful instructions disguised as legitimate prompts to manipulate outputs and potentially leak sensitive data. The widespread deployment of AI across business functions - with 78% of organizations using AI in at least one business function according to McKinsey - significantly expands organizational attack surfaces.

Chinese-speaking TA4922 expands into Europe, deploying new Atlas RAT malware in phishing campaigns targeting organizations across sectors.