Socket researchers have uncovered an ongoing malicious campaign infiltrating the Go ecosystem with typosquatted packages that install hidden loader malware targeting Linux and macOS systems. The threat actor has published at least seven packages impersonating widely used Go libraries, including one ( github.com/shallowmulti/hypert ) that appears to target financial-sector developers. These packages share repeated malicious
