Malicious code in github.com/belatedplanet/hypert (Go)
A malicious Go package github.com/belatedplanet/hypert was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
- Disclosed
- Last updated
- Blast radius
- Linux and macOS systems using the affected Go package
- Ecosystems
- Attack vectors
- Affected entities
- github.com/belatedplanet/hypertMalicious typosquatting package acting as loader for secondary payload
A malicious Go package, github.com/belatedplanet/hypert, was discovered and reported via GitHub Security Advisory GHSA-fcwr-pghv-36vp. The package employed typosquatting techniques to deceive developers into importing it as a dependency.
The malicious code was designed to target Linux and macOS systems specifically. Upon execution, the package acted as a loader mechanism, downloading and running secondary malicious payloads on affected systems.
The advisory was published on 2026-07-13 and sourced from Google's open-source security research. The package has since been removed from public repositories.
Indicators of compromise
- Packages
- github.com/belatedplanet/hypert
Remediation
- Remove github.com/belatedplanet/hypert from all project dependencies immediately
- Audit project imports for similar typosquatting packages that may have been mistakenly added
- Review system logs on Linux and macOS machines that may have executed this package for signs of secondary payload execution
- Update dependency management tools to flag suspicious or newly-created packages with similar names to legitimate libraries
- Implement code review processes to catch unusual or unfamiliar package imports before they reach production
Sources
- GitHub Advisory GHSA-fcwr-pghv-36vp · GitHub Advisory Database
Cite this entry
"Malicious code in github.com/belatedplanet/hypert (Go)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 13, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/malicious-code-in-github-com-belatedplanet-hypert-go-18by88
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- activecritical
Malicious code in github.com/boltdb-go/bolt (Go)
github.com/boltdb-go/bolt is a malicious Go package that typosquats the legitimate BoltDB library. It contains a backdoor enabling remote code execution on systems that install it.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/shallowmulti/hypert (Go)
A malicious Go package github.com/shallowmulti/hypert was published as a typosquatting attack, designed to act as a loader for downloading and executing additional malicious payloads on Linux and macOS systems. The package was identified and reported via the GitHub Advisory Database.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/ornatedoctrin/layout (Go)
A malicious Go package github.com/ornatedoctrin/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/shadowybulk/hypert (Go)
A malicious Go package, github.com/shadowybulk/hypert, was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
GoTyposquattingCompromised package