Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor

A malicious Go module impersonating the widely trusted golang.org/x/crypto library covertly harvests passwords, exfiltrates them, and deploys a multi-stage Linux backdoor chain—including the Rekoobe backdoor—via supply chain compromise, demonstrating the severe risks posed by dependency impersonation in open source ecosystems.