
Go Module Mirror Backdoor: 3-Year Supply Chain Attack Exposed

Blog post from SSOJet

Author: Gopal Gehlot
Word count: 737
Company posts that month: 46
Language: English
Summary

In February 2025, security researchers disclosed a supply chain attack on the Go ecosystem: a malicious module, github.com/boltdb-go/bolt, impersonated the widely used BoltDB module, github.com/boltdb/bolt. The module path differs from the legitimate one only by a "-go" suffix on the owner segment, a typosquatting tactic that depends on developers copying a look-alike import path rather than literally mistyping the real one. The backdoored version was first published in November 2021 and gave the attacker remote code execution on hosts that imported it. What let it persist for more than three years was the Go Module Mirror's caching model: module versions are immutable, and once proxy.golang.org has fetched a version it serves that copy indefinitely, so the cached malicious code kept being delivered even after the attacker rewrote the source repository's git tags to hide it. The same immutability that protects users against upstream tampering therefore also preserved the backdoor, and nothing in the standard module tooling warns about a look-alike path. The post recommends proactively verifying and auditing dependencies, including confirming that each required module path points at the upstream you actually intend and reviewing what the proxy serves rather than what the GitHub repository currently shows, and closes by suggesting SSOJet's user-management tooling as a way to harden the surrounding environment.
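The check the post calls for, auditing go.mod for module paths that are confusable with the ones you meant to import, is easy to automate. The program below is an added example and is not code from the SSOJet post or from the BoltDB project; the trusted-module list, the sample go.mod (including the version string on the look-alike entry) and the normalisation heuristic (strip "go-"/"-go" style affixes and separators, then also accept paths within a small edit distance) are all constructed for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleGoMod is a constructed go.mod containing one typosquatted module
// (github.com/boltdb-go/bolt, the path from the post) next to two
// legitimate requirements. The version strings are illustrative.
const sampleGoMod = `module example.com/app

go 1.22

require (
	github.com/boltdb-go/bolt v1.3.1 // constructed: look-alike of github.com/boltdb/bolt
	github.com/gorilla/mux v1.8.1
	go.etcd.io/bbolt v1.3.9
)
`

// trustedModules is an assumed allowlist of module paths the team actually intends to use.
var trustedModules = []string{
	"github.com/boltdb/bolt",
	"go.etcd.io/bbolt",
	"github.com/gorilla/mux",
}

// Finding records a required module whose path resembles a trusted one.
type Finding struct {
	Module    string // path as written in go.mod
	Version   string
	LooksLike string // trusted path it is confusable with
	Reason    string
}

// parseRequires extracts (path, version) pairs from single-line and block require directives.
func parseRequires(gomod string) [][2]string {
	var out [][2]string
	inBlock := false
	for _, raw := range strings.Split(gomod, "\n") {
		line := strings.TrimSpace(raw)
		if i := strings.Index(line, "//"); i >= 0 { // drop trailing comments such as "// indirect"
			line = strings.TrimSpace(line[:i])
		}
		f := strings.Fields(line)
		switch {
		case line == "":
		case inBlock && line == ")":
			inBlock = false
		case inBlock && len(f) >= 2:
			out = append(out, [2]string{f[0], f[1]})
		case line == "require (":
			inBlock = true
		case len(f) >= 3 && f[0] == "require":
			out = append(out, [2]string{f[1], f[2]})
		}
	}
	return out
}

// normalizeSegment lowercases one path segment and removes the decorations
// typosquatters add: "go-"/"golang-" prefixes, "-go"/"-golang" suffixes,
// and separator characters. "boltdb-go" and "boltdb" both become "boltdb".
func normalizeSegment(s string) string {
	s = strings.ToLower(s)
	for _, p := range []string{"golang-", "go-"} {
		s = strings.TrimPrefix(s, p)
	}
	for _, p := range []string{"-golang", "-go"} {
		s = strings.TrimSuffix(s, p)
	}
	return strings.NewReplacer("-", "", "_", "", ".", "").Replace(s)
}

func normalizePath(p string) string {
	segs := strings.Split(p, "/")
	for i, s := range segs {
		segs[i] = normalizeSegment(s)
	}
	return strings.Join(segs, "/")
}

// levenshtein is the usual edit distance, used to catch single-character typos.
func levenshtein(a, b string) int {
	prev := make([]int, len(b)+1)
	cur := make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cost := 1
			if a[i-1] == b[j-1] {
				cost = 0
			}
			cur[j] = min(prev[j]+1, cur[j-1]+1, prev[j-1]+cost)
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// audit flags every required module that is not on the allowlist but is
// confusable with an allowlisted path.
func audit(gomod string, trusted []string) []Finding {
	isTrusted := map[string]bool{}
	for _, t := range trusted {
		isTrusted[t] = true
	}
	var findings []Finding
	for _, req := range parseRequires(gomod) {
		path, ver := req[0], req[1]
		if isTrusted[path] {
			continue
		}
		for _, t := range trusted {
			var reason string
			switch {
			case normalizePath(path) == normalizePath(t):
				reason = "identical after stripping go/golang affixes and separators"
			case levenshtein(path, t) <= 2:
				reason = "within edit distance 2 of a trusted path"
			default:
				continue
			}
			findings = append(findings, Finding{path, ver, t, reason})
			break
		}
	}
	return findings
}

func main() {
	for _, f := range audit(sampleGoMod, trustedModules) {
		fmt.Printf("SUSPICIOUS %s %s looks like %s (%s)\n", f.Module, f.Version, f.LooksLike, f.Reason)
	}
}
```

Run it against a real go.mod by replacing sampleGoMod with the file contents; a hit means a human should compare the module's upstream with the path you intended before `go get` pulls whatever the mirror has cached for it.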
