Skip to content
supplychainattack.orgSupply chain attack incident catalog
resolvedcritical

Malicious code in github.com/shallowmulti/hypert (Go)

A malicious Go package github.com/shallowmulti/hypert was published as a typosquatting attack, designed to act as a loader for downloading and executing additional malicious payloads on Linux and macOS systems. The package was identified and reported via the GitHub Advisory Database.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Unknown; potentially any Go project that imported the malicious package
Ecosystems
Attack vectors
Affected entities
  • github.com/shallowmulti/hypertMalicious typosquatting package targeting Linux and macOS

A malicious Go package named github.com/shallowmulti/hypert was discovered and reported through the GitHub Advisory Database (GHSA-3j46-8f92-vjvq). The package appears to be a typosquatting attack, likely mimicking a legitimate package name to deceive developers into importing it.

The malicious package was designed to function as a loader, capable of downloading and executing additional malicious payloads on affected systems. The attack specifically targeted Linux and macOS environments.

The incident was identified and disclosed on 2026-07-13 through Google's open-source security research. The package has been removed or remediated through the GitHub Advisory system.

Indicators of compromise

Packages
  • github.com/shallowmulti/hypert

Remediation

  • Audit all Go module dependencies for the presence of github.com/shallowmulti/hypert
  • Remove the malicious package from any affected projects immediately
  • Review go.mod and go.sum files for any references to this package
  • Regenerate any credentials or secrets that may have been exposed on systems that imported this package
  • Monitor affected systems for signs of unauthorized payload execution or data exfiltration
  • Update to a patched version or remove the dependency entirely

Sources

  1. GitHub Advisory GHSA-3j46-8f92-vjvq · GitHub Advisory Database

Cite this entry

"Malicious code in github.com/shallowmulti/hypert (Go)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 13, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/malicious-code-in-github-com-shallowmulti-hypert-go-gns05k

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. activecritical

    Malicious code in github.com/boltdb-go/bolt (Go)

    github.com/boltdb-go/bolt is a malicious Go package that typosquats the legitimate BoltDB library. It contains a backdoor enabling remote code execution on systems that install it.

    GoTyposquattingCompromised package
  2. resolvedcritical

    Malicious code in github.com/ornatedoctrin/layout (Go)

    A malicious Go package github.com/ornatedoctrin/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  3. resolvedcritical

    Malicious code in github.com/shadowybulk/hypert (Go)

    A malicious Go package, github.com/shadowybulk/hypert, was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  4. resolvedcritical

    Malicious code in github.com/thankfulmai/hypert (Go)

    A malicious Go package github.com/thankfulmai/hypert was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package