The Crates.io Rust package registry was targeted in preparation of a malware attack aimed at developers, according to Phylum.
August 28, 2023 By Eduard Kovacs
The Crates.io Rust package registry was targeted recently in what appeared to be the initial phase of a malware attack aimed at developers, according to software supply chain security firm Phylum.
It’s not uncommon for threat actors to rely on typosquatting and software development package registries to deliver malware to Node.js and Python developers.
In these types of attacks, hackers typically create packages with names that are misspelled — or typosquatted — variants of popular packages.
