I accidentally discovered malicious programs in the Go ecosystem that impersonate legitimate tools such as the linter ldez/usetesting, the HCL editor go.mercari.io/hcledit, the official MailerSend Go SDK mailersend/mailersend-go, and many more. These programs are not very popular but are still used by some developers. By the time I wrote this article, I had reported the malicious repositories to GitHub support, and most of them have been deleted.