This appears to be a case of so-called typosquatting, in which a false address resembling the correct URL has been used for malicious purposes.
The malware, lodged in a package for the Go programming language, has gone unnoticed in the bustle of the network for a long time, says an expert at security company Socket Security.
Socket Security's Kirill Boychenko tells The Register that he found a possible supply chain attack involving the BoltDB database module of the Go programming language.
This appears to be a case of so-called typosquatting, in which a false address resembling the correct URL of the BoltDB GitHub repository has been used for years for malicious purposes.
The deception succeeds if a programmer mistakenly loads the module from the false address: this creates a backdoor through which attackers can run malicious code on the target machine.
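As an added example (not code from the article or from Socket Security), here is a defensive check for the kind of lookalike module path described above: it compares every token in a go.mod or go.sum file against the module paths a team actually intends to use and flags near misses. The module paths, the trusted list and the threshold of two edits are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// trusted and sampleGoMod are constructed sample data (hypothetical module paths).
var trusted = []string{"example.test/acme/kvstore", "example.test/acme/logkit"}
const sampleGoMod = "require (\n\texample.test/acme/logkit v1.4.0\n\texample.test/acme/kvst0re v1.3.1\n)\n"

// editDistance is the byte-wise Levenshtein distance between a and b.
func editDistance(a, b string) int {
	row := make([]int, len(b)+1)
	for j := range row {
		row[j] = j
	}
	for i := 1; i <= len(a); i++ {
		diag := row[0]
		row[0] = i
		for j := 1; j <= len(b); j++ {
			best := diag // substitution is free when the bytes match
			if a[i-1] != b[j-1] {
				for _, v := range []int{row[j-1], row[j]} {
					if v < best {
						best = v
					}
				}
				best++
			}
			diag, row[j] = row[j], best
		}
	}
	return row[len(b)]
}

// lookalikes maps each token that is 1..maxDist edits from a trusted path to that path.
func lookalikes(gomod string, maxDist int) map[string]string {
	hits := map[string]string{}
	for _, tok := range strings.Fields(gomod) {
		for _, t := range trusted {
			if d := editDistance(tok, t); d > 0 && d <= maxDist {
				hits[tok] = t
			}
		}
	}
	return hits
}

func main() { fmt.Println(lookalikes(sampleGoMod, 2)) }
```

Exact matches pass and unrelated tokens fall outside the threshold, so only near misses of an expected dependency are reported for manual review.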
Boychenko explains that the BoltDB database module is used by thousands of organizations, including the e-commerce platform Shopify.
Fortunately, the trap, which has been set for three years, does not seem to have sprung: log data shows that the module has been loaded only twice, both times by the same cryptocurrency project, which has only seven followers.
However, it is impossible to know how many have actually downloaded the false module, as Go does not keep accurate track of module downloads. Boychenko says he has sent Go a request to fix the vulnerability.
– This vulnerability is one of the first observed in which the indefinite storage of Go modules in the cache is used in this way. The case underlines the need to notice similar long-term traps in the future, says Boychenko.

