Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable.
The names of the packages are listed below -

github[.]com/truthfulpharm/prototransform
github[.]com/blankloggia/go-mcp
github[.]com/steelpoor/tlsproxy

"Despite appearing legitimate,



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html