Close Menu
    What's Hot

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    Wildfire Smoke Shutters Parks and Shuffles Visitors

    Jensen Huang says the more AI is used, the more ‘we have to hire’

    Facebook X (Twitter) Instagram
    Trending
    • Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack
    • Wildfire Smoke Shutters Parks and Shuffles Visitors
    • Jensen Huang says the more AI is used, the more ‘we have to hire’
    • Opinion | A Test Isn’t Racist. Assumptions About Black Kids Can Be.
    • Iran condemns ‘barbaric’ US attack near children’s cancer hospital | US-Israel war on Iran News
    • Orphanage Fire Kills Eleven in Algeria
    • Everyone Thinks They Have the Diarrhea Parasite
    • Standard Lithium Ltd. (SLI:CA) Shareholder/Analyst Call Prepared Remarks Transcript
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

    adminBy adminFebruary 28, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananFeb 27, 2026Malware / Linux Security

    Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

    Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.

    The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate “golang.org/x/crypto” codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password prompts to a remote endpoint, fetches a shell script in response, and executes it.

    “This activity fits namespace confusion and impersonation of the legitimate golang.org/x/crypto subrepository (and its GitHub mirror github.com/golang/crypto),” Socket security researcher Kirill Boychenko said. “The legitimate project identifies go.googlesource.com/crypto as canonical and treats GitHub as a mirror, a distinction the threat actor abuses to make github.com/xinfeisoft/crypto look routine in dependency graphs.”

    Cybersecurity

    Specifically, the backdoor has been placed within the “ssh/terminal/terminal.go” file, so that every time a victim application invokes ReadPassword() – a function supposedly meant to read input like passwords from a terminal – it causes that information to capture interactive secrets.

    The main responsibility of the downloaded script is to function as a Linux stager, appending a threat actor’s SSH key to the “/home/ubuntu/.ssh/authorized_keys” file, set iptables default policies to ACCEPT in an attempt to loosen firewall restrictions, and retrieve additional payloads from an external server while disguising them with the .mp5 extension.

    Of the two payloads, one is a helper that tests internet connectivity and attempts to communicate with an IP address (“154.84.63[.]184”) over TCP port 443. The program likely functions as a recon or loader, Socket noted.

    The second downloaded payload has been assessed to be Rekoobe, a known Linux trojan that has been detected in the wild since at least 2015. The backdoor is capable of receiving commands from an attacker-controlled server to download more payloads, steal files, and execute a reverse shell. As recently as August 2023, Rekoobe has been put to use by Chinese nation-state groups like APT31.

    Cybersecurity

    While the package still remains listed on pkg.go.dev, the Go security team has taken steps to block the package as malicious.

    “This campaign will likely repeat because the pattern is low-effort and high-impact: a lookalike module that hooks a high-value boundary (ReadPassword), uses GitHub Raw as a rotating pointer, then pivots into curl | sh staging and Linux payload delivery,” Boychenko said.

    “Defenders should anticipate similar supply chain attacks targeting other ‘credential edge’ libraries (SSH helpers, CLI auth prompts, database connectors) and more indirection through hosting surfaces to rotate infrastructure without republishing code.”

    Backdoor Crypto deploys malicious Module Passwords Rekoobe Steals
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous Article7 Tips for Surviving the FAA Flight Reduction…
    Next Article Trump orders federal agencies to drop Anthropic services amid Pentagon feud
    admin
    • Website

    Related Posts

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    July 16, 2026

    Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

    July 16, 2026

    n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

    July 16, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    Wildfire Smoke Shutters Parks and Shuffles Visitors

    Jensen Huang says the more AI is used, the more ‘we have to hire’

    Opinion | A Test Isn’t Racist. Assumptions About Black Kids Can Be.

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by