Skip to content
supplychainattack.orgSupply chain attack incident catalog
resolvedcritical

Malicious code in github.com/belatedplanet/hypert (Go)

A malicious Go package github.com/belatedplanet/hypert was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Linux and macOS systems using the affected Go package
Ecosystems
Attack vectors
Affected entities
  • github.com/belatedplanet/hypertMalicious typosquatting package acting as loader for secondary payload

A malicious Go package, github.com/belatedplanet/hypert, was discovered and reported via GitHub Security Advisory GHSA-fcwr-pghv-36vp. The package employed typosquatting techniques to deceive developers into importing it as a dependency.

The malicious code was designed to target Linux and macOS systems specifically. Upon execution, the package acted as a loader mechanism, downloading and running secondary malicious payloads on affected systems.

The advisory was published on 2026-07-13 and sourced from Google's open-source security research. The package has since been removed from public repositories.

Indicators of compromise

Packages
  • github.com/belatedplanet/hypert

Remediation

  • Remove github.com/belatedplanet/hypert from all project dependencies immediately
  • Audit project imports for similar typosquatting packages that may have been mistakenly added
  • Review system logs on Linux and macOS machines that may have executed this package for signs of secondary payload execution
  • Update dependency management tools to flag suspicious or newly-created packages with similar names to legitimate libraries
  • Implement code review processes to catch unusual or unfamiliar package imports before they reach production

Sources

  1. GitHub Advisory GHSA-fcwr-pghv-36vp · GitHub Advisory Database

Cite this entry

"Malicious code in github.com/belatedplanet/hypert (Go)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 13, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/malicious-code-in-github-com-belatedplanet-hypert-go-18by88

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. activecritical

    Malicious code in github.com/boltdb-go/bolt (Go)

    github.com/boltdb-go/bolt is a malicious Go package that typosquats the legitimate BoltDB library. It contains a backdoor enabling remote code execution on systems that install it.

    GoTyposquattingCompromised package
  2. resolvedcritical

    Malicious code in github.com/shallowmulti/hypert (Go)

    A malicious Go package github.com/shallowmulti/hypert was published as a typosquatting attack, designed to act as a loader for downloading and executing additional malicious payloads on Linux and macOS systems. The package was identified and reported via the GitHub Advisory Database.

    GoTyposquattingCompromised package
  3. resolvedcritical

    Malicious code in github.com/ornatedoctrin/layout (Go)

    A malicious Go package github.com/ornatedoctrin/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  4. resolvedcritical

    Malicious code in github.com/shadowybulk/hypert (Go)

    A malicious Go package, github.com/shadowybulk/hypert, was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package