The developers of the Rust language have issued a warning regarding the presence of malicious code in the repository Crates.io. The packages Faster_log and ASYNC_PRINTLN, which were posted on May 25, have been downloaded 8424 times since then. Attackers exploited the similarity in names with popular legitimate packages, such as Typskvotting, to deceive users into downloading their clones.
By offering changed clones with similar names and functions for working with logs in applications, the attackers aimed to go unnoticed by users who might not pay attention to minor differences. The malicious code within the Faster_LOG and ASYNC_PRINTLN packages was designed to search for private keys of SOLANA and Etherum cryptocurrencies in logs, as well as key-like symbol combinations, and then send them to the attackers’ server.
In a separate incident, users of the accompanying pypi catalog packages have been targeted in a phishing campaign. The phishing emails threaten to suspend the users’ accounts unless they provide an email address. The emails contain a link to a confirmation form hosted on the pypi-mirror.org domain, which was registered by the attackers. Developers have warned users to be cautious and report any suspicious activities.