securityaffairs.com 7/10/2026, 11:31:54 AM · external

Fake Go Packages Power Malware Network Aimed at Crypto Users

Fake Go Packages Power Malware Network Aimed at Crypto Users
Developing story breach 2 articles tracked
Malware campaign spreads via fake Go packages on GitHub
CyberSIXT Evidence Panel
Primary Source socket.dev

RESEARCHERS identified 222 GitHub repositories involved in a malware operation through fake Go packages, known as "Muck and Load." This operation was initiated from a malicious Go module that masqueraded as a legitimate DNS scanning tool and led to the discovery of a large network designed to distribute various malware types, including trojans, infostealers, and cryptominers. The method involved creating numerous repository versions to simulate ongoing development.

Specific tactics included invoking hidden PowerShell commands to download and execute malicious scripts from external sources. The repositories primarily targeted users interested in cryptocurrency and Web3 tools, making them attractive for running untrusted code. Socket, the cybersecurity firm behind the findings, reported the malicious repository to GitHub and the Go security team, limiting potential developer exposure.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline