Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent access via SSH, and deliver a Linux backdoor named Rekoobe.
The Go module, github[.]com/xinfeisoft/crypto, impersonates the legitimate „golang.org/x/crypto“ codebase, but injects malicious code that’s responsible for exfiltrating secrets entered via terminal password
https://thehackernews.com/2026/02/malicious-go-crypto-module-steals.html