Skip to content
supplychainattack.orgSupply chain attack incident catalog
resolvedcritical

Malicious code in github.com/thankfulmai/hypert (Go)

A malicious Go package github.com/thankfulmai/hypert was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Unknown; potentially any Go project that imported the malicious package
Ecosystems
Attack vectors
Affected entities
  • github.com/thankfulmai/hypertMalicious typosquatting package targeting Linux and macOS

A malicious Go package named github.com/thankfulmai/hypert was identified and published as part of a typosquatting campaign. The package targeted Linux and macOS systems and was designed to function as a loader mechanism.

The malicious package was engineered to download and execute additional malicious payloads on compromised systems. This represents a supply chain attack vector where developers importing the package would inadvertently introduce the malicious code into their projects.

The incident was disclosed via GitHub Security Advisory GHSA-xgxx-xfcg-rwmr and reported through Google's open-source security program. The package has since been identified and removed from distribution.

Indicators of compromise

Packages
  • github.com/thankfulmai/hypert

Remediation

  • Audit Go project dependencies for any imports of github.com/thankfulmai/hypert and remove immediately
  • Review git history and build artifacts for any systems that may have executed code from this package
  • Scan systems that built or ran applications using this package for signs of malicious payload execution
  • Update dependency management tools to flag or block known malicious packages
  • Monitor for similar typosquatting attempts targeting common Go package names

Sources

  1. GitHub Advisory GHSA-xgxx-xfcg-rwmr · GitHub Advisory Database

Cite this entry

"Malicious code in github.com/thankfulmai/hypert (Go)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 13, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/malicious-code-in-github-com-thankfulmai-hypert-go-1o52uy

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. activecritical

    Malicious code in github.com/boltdb-go/bolt (Go)

    github.com/boltdb-go/bolt is a malicious Go package that typosquats the legitimate BoltDB library. It contains a backdoor enabling remote code execution on systems that install it.

    GoTyposquattingCompromised package
  2. resolvedcritical

    Malicious code in github.com/shallowmulti/hypert (Go)

    A malicious Go package github.com/shallowmulti/hypert was published as a typosquatting attack, designed to act as a loader for downloading and executing additional malicious payloads on Linux and macOS systems. The package was identified and reported via the GitHub Advisory Database.

    GoTyposquattingCompromised package
  3. resolvedcritical

    Malicious code in github.com/ornatedoctrin/layout (Go)

    A malicious Go package github.com/ornatedoctrin/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package
  4. resolvedcritical

    Malicious code in github.com/shadowybulk/hypert (Go)

    A malicious Go package, github.com/shadowybulk/hypert, was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.

    GoTyposquattingCompromised package