wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
May 2, 2025, 9:27 p.m.
Description
Socket's research team discovered a supply-chain attack targeting Go developers through three malicious modules: prototransform, go-mcp, and tlsproxy. These modules used obfuscation techniques to deliver a disk-wiping payload, exploiting the open nature of Go's ecosystem. The attack leveraged namespace confusion and array-based string obfuscation to appear legitimate. Upon execution, the payload fetched a destructive shell script that irreversibly overwrote the entire primary storage device with zeros, causing complete data loss and system failure. This attack highlights the critical need for proactive security measures in software supply chains, especially for projects relying on external open-source dependencies.
Date
- Created: May 2, 2025, 8:25 p.m.
- Published: May 2, 2025, 8:25 p.m.
- Modified: May 2, 2025, 9:27 p.m.
Additional Information
- vanartest.website