{"id":"MAL-2025-2550","summary":"Malicious code in github.com/utilizedsun/layout (Go)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: google-open-source-security (c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d)\nMalcious typosquatting Go packages targeting Linux and macOS systems used to\nas a loader to download and run another malicious payload.\n","modified":"2025-03-19T23:58:41Z","published":"2025-03-19T23:58:41Z","database_specific":{"malicious-packages-origins":[{"ranges":[{"events":[{"introduced":"0"}],"type":"SEMVER"}],"sha256":"c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d","modified_time":"2025-03-19T23:58:41Z","import_time":"2025-03-20T00:02:04.784559Z","source":"google-open-source-security"}]},"references":[{"type":"ARTICLE","url":"https://socket.dev/blog/typosquatted-go-packages-deliver-malware-loader"}],"affected":[{"package":{"name":"github.com/utilizedsun/layout","ecosystem":"Go","purl":"pkg:golang/github.com/utilizedsun/layout"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/go/github.com/utilizedsun/layout/MAL-2025-2550.json"}}],"schema_version":"1.7.3","credits":[{"name":"Socket","type":"FINDER"}]}