Global Stock News

Malicious Go Module github.com/xinfeisoft/crypto Targets Ubuntu and CI/CD Environments With Rekoobe Backdoor and Credential Theft

Executive Summary

A highly sophisticated supply chain attack has been identified involving a malicious Go module, github.com/xinfeisoft/crypto, which masquerades as the legitimate golang.org/x/crypto library. This module is engineered to covertly exfiltrate sensitive credentials entered via terminal prompts, establish persistent SSH access, and deploy the advanced Rekoobe Linux backdoor. The campaign leverages namespace confusion, GitHub-hosted staging, and multi-stage payload delivery, with a clear focus on cloud and CI/CD environments. The Rekoobe backdoor is a hallmark of advanced persistent threat (APT) operations and has been previously attributed to the Chinese state-sponsored group APT31 (Zirconium). This advisory provides a…
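A defender-side check for the namespace confusion described above, as an added example that is not part of the original advisory: it scans go.mod text for the module path named here and, going beyond the text, for replace directives that point golang.org/x/crypto at another module. The function name, the sample go.mod, the fork path and the placeholder versions are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const (
	maliciousPath = "github.com/xinfeisoft/crypto" // module named in the advisory
	legitPath     = "golang.org/x/crypto"          // library it imitates
)

// Constructed go.mod for illustration; paths other than the two above and all versions are placeholders.
const sampleGoMod = `module example.com/ci-tool
require (
	golang.org/x/crypto v0.0.0-placeholder
	github.com/xinfeisoft/crypto v0.0.0-placeholder // indirect
)
replace golang.org/x/crypto => example.com/fork/crypto v0.0.0-placeholder
`

// auditGoMod reports lines that name the malicious module, and replace
// mappings that point golang.org/x/crypto at a different module path.
// "=>" only occurs in replace directives, in single-line or block form.
func auditGoMod(content string) []string {
	var findings []string
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop trailing comments
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "replace" {
			f = f[1:]
		}
		for i, tok := range f {
			if tok == maliciousPath || strings.HasPrefix(tok, maliciousPath+"/") {
				findings = append(findings, fmt.Sprintf("line %d: references %s", n, maliciousPath))
			}
			if tok == "=>" && i > 0 && i+1 < len(f) && f[0] == legitPath && f[i+1] != legitPath {
				findings = append(findings, fmt.Sprintf("line %d: replace redirects %s to %s", n, legitPath, f[i+1]))
			}
		}
	}
	return findings
}

func main() {
	fmt.Println(strings.Join(auditGoMod(sampleGoMod), "\n"))
}
```

A redirect finding is a prompt for review rather than proof of compromise, since projects sometimes replace golang.org/x/crypto with a vetted internal fork.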
