Risky Bulletin Newsletter
August 28, 2023
Risky Biz News: Malware found on Rust's Crates repository
Seven malicious packages have been found and removed from Crates, the official package repository for the Rust programming language, marking the second time malware has been found on the portal. [This is the first-known incident, if anyone's curious.]
The packages were discovered by DevSecOps company Phylum, which described them as showing "the hallmarks of early preparations for a broader campaign."
All seven packages were initially published with no content and then received incremental updates over a few days with suspicious code.