"Signs of Malware Attack Targeting Rust Developers Found on Crates.io"

According to security researchers at Phylum, the Crates[.]io Rust package registry was recently targeted in what appeared to be the initial phase of a malware attack aimed at developers. The researchers noted that threat actors commonly combine typosquatting with software package registries to deliver malware to Node.js and Python developers: they publish packages whose names are misspelled or typosquatted variants of popular packages. These attacker packages are initially benign so that they are accepted into official registries; days or weeks later, the threat actor adds malicious functionality and uses it against developers who download the look-alike instead of the legitimate package.

Phylum reported that such an attack targeted the Rust package registry Crates[.]io earlier this month. Fortunately, the suspicious packages were detected early, but in some cases the attacker did manage to add code designed to send information about the compromised host to a Telegram channel, which the researchers believe is part of a callback mechanism used for communications. The Rust Foundation was notified and quickly removed the packages and locked the uploader's account; GitHub was also notified and took action against the associated account. It is unclear exactly what malicious functionality would have been added to the packages had they not been removed, but the researchers believe the attacker may have wanted to steal secrets or sensitive files from victims.
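One defender-side check this kind of campaign motivates is to scan a project's Cargo.lock for dependency names that are a single edit away from a well-known crate. The following is an added example, not Phylum's tooling or anything from the original report; the popular-crate allow-list and the Cargo.lock contents are constructed for illustration.

```rust
use std::collections::HashSet;
/// Constructed sample Cargo.lock; "serde_jsno" is a deliberate near-miss of serde_json.
pub const SAMPLE_LOCK: &str = r#"[[package]]
name = "serde"
version = "1.0.0"
[[package]]
name = "serde_jsno"
version = "0.1.0"
"#;
/// Illustrative allow-list of well-known crates; a real tool would build it from download counts.
pub const POPULAR: &[&str] = &["serde", "serde_json", "tokio", "rand"];
/// Optimal string alignment distance: insert, delete, substitute or adjacent swap, each cost 1.
pub fn osa_distance(a: &str, b: &str) -> usize {
    let (a, b): (Vec<char>, Vec<char>) = (a.chars().collect(), b.chars().collect());
    let (n, m) = (a.len(), b.len());
    let mut d = vec![vec![0usize; m + 1]; n + 1];
    for i in 0..=n { d[i][0] = i; }
    for j in 0..=m { d[0][j] = j; }
    for i in 1..=n {
        for j in 1..=m {
            let cost = usize::from(a[i - 1] != b[j - 1]);
            d[i][j] = (d[i - 1][j] + 1).min(d[i][j - 1] + 1).min(d[i - 1][j - 1] + cost);
            if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1] {
                d[i][j] = d[i][j].min(d[i - 2][j - 2] + 1); // transposition: "jsno" vs "json"
            }
        }
    }
    d[n][m]
}
/// Pull every `name = "..."` line out of the `[[package]]` entries of a Cargo.lock.
pub fn lock_package_names(lock: &str) -> Vec<String> {
    lock.lines()
        .filter_map(|l| l.trim().strip_prefix("name = \"")?.strip_suffix('"'))
        .map(str::to_string)
        .collect()
}
/// Report each dependency that is one edit away from a popular crate but is not that crate.
pub fn find_typosquats(names: &[String], popular: &[&str]) -> Vec<(String, String)> {
    // crates.io does not let '-' and '_' variants of a name coexist, so compare normalised names.
    let norm = |s: &str| s.replace('-', "_");
    let known: HashSet<String> = popular.iter().map(|&p| norm(p)).collect();
    let mut hits = Vec::new();
    for n in names {
        let nn = norm(n);
        if known.contains(&nn) { continue; } // the genuine crate itself
        for p in popular.iter().copied().filter(|&p| osa_distance(&nn, &norm(p)) == 1) {
            hits.push((n.clone(), p.to_string()));
        }
    }
    hits
}
```

Running `find_typosquats(&lock_package_names(SAMPLE_LOCK), POPULAR)` flags `serde_jsno` as resembling `serde_json` while leaving the genuine `serde` entry alone; a hit is a prompt for manual review, not proof of malice.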


SecurityWeek reports: "Signs of Malware Attack Targeting Rust Developers Found on Crates.io"
