Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

not linux, but Go packages.



The campaign is using Go packages just as a mechanism to download a ransomware for Linux systems, and it specifically checks if the Documents/ directory exists for the current user. If it doesn't exist it does nothing.

That's probably why the malware sandboxes are not detecting the outbound connections and the encrypting activity.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: