Phylum security researchers recently discovered suspicious libraries uploaded to the Rust programming language’s crate registry, crates.io. The Phylum report explained that the threat actor was likely seeking to compromise developer machines.
The user “amaperf” uploaded the malicious libraries postgress, if-cfg, xrvrv, serd, oncecell, lazystatic, and envlogger between August 14 and 16. These packages were capable of capturing operating system information and transmitting the data to a predetermined Telegram channel. All the packages have since been taken down. The capabilities of the libraries indicate that the threat actor was likely planning to deliver malicious updates with data exfiltration capabilities to developers. Developers usually have access to sensitive SSH keys and company information that is extremely valuable to threat actors. SentinelOne discovered a campaign that also targeted the crates.io repository in May 2022.
Read More:
https://thehackernews.com/2023/08/developers-beware-malicious-rust.html