
Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
2023-08-28 15:40

In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry.

It's not clear what the end goal of the campaign was, but the suspicious modules were found to capture operating system information and transmit it to a hard-coded Telegram channel via the messaging platform's API. This suggests that the campaign may have been in its early stages, with the threat actor casting a wide net to compromise as many developer machines as possible before delivering rogue updates with improved data exfiltration capabilities.
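One way a defender could triage vendored crate sources for the behaviour described above, as an added example that is not from the article or the researchers it cites: a Python scan for hard-coded Telegram Bot API endpoints alongside reads of host OS details. The indicator patterns, verdict names and sample sources are assumptions constructed for illustration.

```python
import re

# Telegram Bot API requests go to https://api.telegram.org/bot<token>/<method>.
TELEGRAM_RE = re.compile(r"api\.telegram\.org/bot(\d+:[\w-]+)?")
# Rust std reads of host details; a heuristic list chosen for this example.
OS_INFO_RE = re.compile(
    r'env::consts::(?:OS|ARCH|FAMILY)|env::var\(\s*"(?:USER|USERNAME|HOSTNAME|COMPUTERNAME)"')

def scan_source(text):
    """Return (line_no, kind) for every line matching an indicator."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = TELEGRAM_RE.search(line)
        if match:
            # An embedded bot token means the destination is hard-coded.
            kind = "telegram-hardcoded-token" if match.group(1) else "telegram-endpoint"
            findings.append((line_no, kind))
        if OS_INFO_RE.search(line):
            findings.append((line_no, "os-info-read"))
    return findings

def triage_crate(files):
    """files maps path -> source text. Returns (verdict, {path: findings})."""
    report = {path: scan_source(src) for path, src in files.items()}
    report = {path: hits for path, hits in report.items() if hits}
    kinds = {kind for hits in report.values() for _, kind in hits}
    talks_to_telegram = any(k.startswith("telegram") for k in kinds)
    if talks_to_telegram and "os-info-read" in kinds:
        return "quarantine", report   # both halves of the reported behaviour
    if talks_to_telegram:
        return "review", report       # could be a legitimate bot client
    return "pass", report

# Constructed sample inputs (not code from any real crate).
SUSPECT = {
    "src/lib.rs": 'pub fn add(a: i32, b: i32) -> i32 { a + b }\n',
    "src/util.rs": (
        'const URL: &str = "https://api.telegram.org/bot0000000000:CONSTRUCTED-PLACEHOLDER/sendMessage";\n'
        'fn info() -> &\'static str { std::env::consts::OS }\n'
    ),
}
BENIGN = {"src/lib.rs": 'pub fn os() -> &\'static str { std::env::consts::OS }\n'}

if __name__ == "__main__":
    for name, crate in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, *triage_crate(crate))
```

A text match like this only narrows what to read by hand; strings assembled at runtime or hidden in encoded form will not match.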

"With access to SSH keys, production infrastructure, and company IP, developers are now an extremely valuable target," the company said.

The disclosure comes as Phylum also revealed an npm package called emails-helper that, once installed, sets up a callback mechanism to exfiltrate machine information to a remote server and launches encrypted binaries that are shipped with it as part of a sophisticated attack.

"Data exfiltration is attempted via HTTP, and if this fails, the attacker reverts to exfiltrating data via DNS," the company said.

"A simple action like running npm install can set off this elaborate attack chain, making it imperative for developers to exercise caution and due diligence as they carry out their software development activities."


News URL

https://thehackernews.com/2023/08/developers-beware-malicious-rust.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Telegram 6 6 26 3 0 35