Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
Distribution of the threat has been suspended, but the developers computers have already been compromised.
Software developers have once again been targeted in supply chain attacks. In the library registry Crates.io A number of malicious packages were recently discovered for the Rust programming language. All of them were uploaded between August 14 and 16 of this year, as Phylum researchers warned in a report published last week.
Suspicious modules published by the user under the nickname "amaperf" have already been removed, but before that they managed to collect information about the operating systems of hundreds of developers and send it to the encoded Telegram channel via the messenger API.
An attack of this kind may indicate that the attackers just started another malicious operation and tried to infect as many developers ' computers as possible in order to further distribute malicious code through software updates that these developers support.
"Developers are now an extremely valuable target, given access to their SSH keys, production infrastructure, and company intellectual property," Phylum said.
It is noteworthy that this is not the first such attack on the resource. Crates.io. In May last year, SentinelLabs researchers uncovered a malicious campaign called CrateDepression, which used the type-squatting technique to steal sensitive data and upload arbitrary files.
An attack on the software supply chain is a serious threat to developers. They should exercise caution and carefully check any libraries used before installing them to prevent further spread of the infection.
Software developers have once again been targeted in supply chain attacks. In the library registry Crates.io A number of malicious packages were recently discovered for the Rust programming language. All of them were uploaded between August 14 and 16 of this year, as Phylum researchers warned in a report published last week.
Suspicious modules published by the user under the nickname "amaperf" have already been removed, but before that they managed to collect information about the operating systems of hundreds of developers and send it to the encoded Telegram channel via the messenger API.
An attack of this kind may indicate that the attackers just started another malicious operation and tried to infect as many developers ' computers as possible in order to further distribute malicious code through software updates that these developers support.
"Developers are now an extremely valuable target, given access to their SSH keys, production infrastructure, and company intellectual property," Phylum said.
It is noteworthy that this is not the first such attack on the resource. Crates.io. In May last year, SentinelLabs researchers uncovered a malicious campaign called CrateDepression, which used the type-squatting technique to steal sensitive data and upload arbitrary files.
An attack on the software supply chain is a serious threat to developers. They should exercise caution and carefully check any libraries used before installing them to prevent further spread of the infection.
