– Developers targeted in software supply chain attacks.
– Malicious packages discovered on Rust programming language’s crate registry.
– Libraries uploaded between August 14 and 16, 2023.
– Published by a user named “amaperf.”
– Names of the packages are not disclosed, as they have been taken down.
Just when we thought cybercrime couldn’t get more cutting-edge, we’ve discovered that developers continue to be the victims of software supply chain attacks. Think of it as a digital migraine for our tech gurus – and this time it’s not just because they’ve been staring at four screens simultaneously.
Anyone familiar with coding will know about the Rust programming language’s crate registry. Rust may not be known for speed, but it’s got reliability and memory safety up its sleeves. Unfortunately, that didn’t stop some tech “villain” from planting malicious packages there. Talk about breaking the rules of the sandbox!
The rogue packages were uploaded between August 14 and 16, 2023. The sneaky mastermind behind this was a user named “amaperf”, a brilliantly anonymous handle that left us with no choice but to make up fun acronyms. “Amazingly Malicious And Potentially Evil Rust Foe”, anyone?
In a case of “now you see it, now you don’t”, the names of the pernicious packages are no longer accessible. The powers-that-be, or rather, Rust Guru’s, have yanked them offline. Clearly, these weren’t your typical pre-packaged solutions.
It’s an evidence that developers are continuously prime targets for software supply chain attacks, with fresh instances cropping up on the Rust programming language’s crate registry. These malicious packages were uploaded during a short span in August 2023 by a user named “amaperf” and were later taken down from the registry.
So remember folks, while the e-world continues to spin, it seems developers need to keep one eye over their shoulder, and the other on their code. Ah, the life of a multi-tasking tech whiz. We wouldn’t have it any other way!
Original Article: https://thehackernews.com/2023/08/developers-beware-malicious-rust.html
No products in the cart.