Malicious code in github.com/thankfulmai/hypert (Go)
A malicious Go package github.com/thankfulmai/hypert was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
- Disclosed
- Last updated
- Blast radius
- Unknown; potentially any Go project that imported the malicious package
- Ecosystems
- Attack vectors
- Affected entities
- github.com/thankfulmai/hypertMalicious typosquatting package targeting Linux and macOS
A malicious Go package named github.com/thankfulmai/hypert was identified and published as part of a typosquatting campaign. The package targeted Linux and macOS systems and was designed to function as a loader mechanism.
The malicious package was engineered to download and execute additional malicious payloads on compromised systems. This represents a supply chain attack vector where developers importing the package would inadvertently introduce the malicious code into their projects.
The incident was disclosed via GitHub Security Advisory GHSA-xgxx-xfcg-rwmr and reported through Google's open-source security program. The package has since been identified and removed from distribution.
Indicators of compromise
- Packages
- github.com/thankfulmai/hypert
Remediation
- Audit Go project dependencies for any imports of github.com/thankfulmai/hypert and remove immediately
- Review git history and build artifacts for any systems that may have executed code from this package
- Scan systems that built or ran applications using this package for signs of malicious payload execution
- Update dependency management tools to flag or block known malicious packages
- Monitor for similar typosquatting attempts targeting common Go package names
Sources
- GitHub Advisory GHSA-xgxx-xfcg-rwmr · GitHub Advisory Database
Cite this entry
"Malicious code in github.com/thankfulmai/hypert (Go)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 13, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/malicious-code-in-github-com-thankfulmai-hypert-go-1o52uy
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- activecritical
Malicious code in github.com/boltdb-go/bolt (Go)
github.com/boltdb-go/bolt is a malicious Go package that typosquats the legitimate BoltDB library. It contains a backdoor enabling remote code execution on systems that install it.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/shallowmulti/hypert (Go)
A malicious Go package github.com/shallowmulti/hypert was published as a typosquatting attack, designed to act as a loader for downloading and executing additional malicious payloads on Linux and macOS systems. The package was identified and reported via the GitHub Advisory Database.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/ornatedoctrin/layout (Go)
A malicious Go package github.com/ornatedoctrin/layout was identified as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
GoTyposquattingCompromised package - resolvedcritical
Malicious code in github.com/shadowybulk/hypert (Go)
A malicious Go package, github.com/shadowybulk/hypert, was published as a typosquatting attack targeting Linux and macOS systems. The package functioned as a loader to download and execute additional malicious payloads.
GoTyposquattingCompromised package