> TritonInfoSec News
Home / Mar 01, 2026 / Story
0
#10 The Hacker News general February 27, 2026 at 15:33 UTC

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

By [email protected] (The Hacker News)

AI Summary

Researchers discovered a malicious Go module at github[.]com/xinfeisoft/crypto that impersonates the legitimate golang.org/x/crypto codebase while injecting code to harvest terminal passwords, create SSH persistence, and deploy the Rekoobe Linux backdoor. The supply chain attack targets developers using the popular Go programming language's cryptographic libraries.

Read full article → https://thehackernews.com/2026/02/malicious-go-cry…

Relevance score: 75.0/100

# More from March 01

  1. 1
    $4.8M in crypto stolen after Korean tax agency exposes wallet seed BleepingComputer
  2. 2
    Canadian Tire Data Breach Impacts 38 Million Accounts SecurityWeek
  3. 3
    Who is the Kimwolf Botmaster “Dort”? Krebs on Security
  4. 4
    Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement The Hacker News
  5. 5
    QuickLens Chrome extension steals crypto, shows ClickFix attack BleepingComputer
  6. 6
    ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket The Hacker News
  7. 7
    900 Sangoma FreePBX Instances Infected With Web Shells SecurityWeek
  8. 8
    ScarCruft Uses Zoho WorkDrive and USB Malware to Breach Air-Gapped Networks The Hacker News
  9. 9
    Juniper Networks PTX Routers Affected by Critical Vulnerability SecurityWeek