New Malicious Rust Crates Impersonating fast_log Discovered

A recent cybersecurity investigation has uncovered new malicious Rust crates that impersonate the popular fast_log logging library. These crates are designed to deceive developers by mimicking legitimate packages, thereby infiltrating software supply chains and potentially compromising systems that integrate them. The malicious crates contain hidden payloads that can execute unauthorized code, steal sensitive information, or create backdoors for further exploitation. This discovery highlights the growing threat of supply chain attacks in the Rust ecosystem, emphasizing the need for developers to verify package authenticity and maintain vigilant security practices. The cybersecurity community is urged to monitor such threats closely and implement robust dependency management strategies to mitigate risks associated with malicious open-source components. This article delves into the technical details of the malicious crates, their detection, and recommended countermeasures to protect development environments and production systems from similar attacks.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 26 Sep 2025 09:10:18 +0000


Cyber News related to New Malicious Rust Crates Impersonating fast_log Discovered

FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables - To support the static analysis of Go and Rust executables, FLOSS now extracts program strings using enhanced algorithms. Where traditional extraction algorithms provide compound and confusing string output FLOSS recovers the individual Go and Rust ...
2 years ago Mandiant.com
CVE-2023-40030 - Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package ...
2 years ago
CVE-2019-16760 - Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and ...
6 years ago
New Linux Kernel Code Written In Rust To Eliminate Memory Safety Bugs - Since Rust was officially merged into the Linux kernel in October 2022, development teams have been steadily working to implement Rust-based drivers and components that inherently prevent common memory-related security issues. The Linux kernel has ...
9 months ago Cybersecuritynews.com
Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases - The Rust Project has issued an update for its standard library, after a vulnerability researcher discovered a specific function used to execute batch files on Windows systems could be exploited using an injection flaw. The set of common functions ...
1 year ago Darkreading.com CVE-2024-24576
Google Contributes $1 Million to Rust, Says It Prevented Hundreds of Android Vulnerabilities - Google today announced a grant of $1 million to the Rust Foundation, meant to help improve the interoperability between Rust and C++ code. The internet giant joined the Rust Foundation in 2021, for the same reason, and has adopted the memory-safe ...
1 year ago Securityweek.com
Malicious Rust Crates Steal Solana and Phantom Wallets, Targeting Crypto Users - In a recent cybersecurity alert, researchers have uncovered malicious Rust crates designed to steal cryptocurrency wallets, specifically targeting Solana and Phantom wallet users. These malicious crates, disguised as legitimate software packages, are ...
3 months ago Thehackernews.com
CVE-2022-36113 - Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is ...
2 years ago
Google throws $1m at Rust Foundation to build C++ bridges (The Register) - Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++. C++, a popular general purpose programming language, has arguably fallen out of fashion due to concerns over safety. ...
1 year ago Go.theregister.com
CVE-2022-36114 - Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that ...
2 years ago
CVE-2025-38033 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
CVE-2023-30624 - Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior ...
2 years ago
Malicious Rust packages on Crates.io steal crypto wallet keys - Recently, security researchers uncovered a series of malicious Rust packages hosted on Crates.io, the official Rust package registry, designed to steal cryptocurrency wallet keys from developers who inadvertently include these packages in their ...
3 months ago Bleepingcomputer.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel - Attackers linked to the Palestinian militant group Hamas are using a revamped version of the SysJoker multi-platform backdoor to attack targets in Israel as the current conflict between the two continues despite a current pause in the fighting. An ...
2 years ago Darkreading.com
Lazarus Group bang on trend with memory-safe Dlang malware (The Register) - Research into Lazarus Group's attacks using Log4Shell has revealed novel malware strains written in an atypical programming language. DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past ...
2 years ago Go.theregister.com Andariel Lazarus Group
Google Pushes Software Security Via Rust, AI-Based Fuzzing - Google is making moves to help developers ensure that their code is secure. The IT giant this week said it is donating $1 million to the Rust Foundation to improve interoperability between the Rust programming language and legacy C++ codebase in ...
1 year ago Securityboulevard.com
Researchers Compared Malware Development in Rust vs C & C++ Languages - A comprehensive analysis conducted in 2023 by the Rochester Institute of Technology aimed to assess whether malware developed in Rust truly presents greater challenges to security analysts than traditional C/C++ implementations. The investigation ...
9 months ago Cybersecuritynews.com
CVE-2025-61670 - Wasmtime is a runtime for WebAssembly. Wasmtime 37.0.0 and 37.0.1 have memory leaks in the C/C++ API when using bindings for the `anyref` or `externref` WebAssembly values. This is caused by a regression introduced during the development of 37.0.0 ...
2 months ago
The Verge is not interested in interviewing you about crypto - If you get a message from someone at The Verge asking to schedule an interview about cryptocurrency, don't do it. We recently discovered that a bad actor has been impersonating Verge science reporter Justine Calma to carry out this scam. If a victim ...
1 year ago Theverge.com
RIFT - New Open-Source Tool From Microsoft to Analyze Malware Hidden Within Rust Binaries - By open-sourcing RIFT, Microsoft aims to strengthen global cybersecurity defenses against the rising threat of Rust-based malware, providing the security community with essential tools to combat increasingly sophisticated cyber threats. The RIFT ...
5 months ago Cybersecuritynews.com
CVE-2024-47763 - Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if ...
1 year ago
New Rust-Based Malware 'ChaosBot' Hijacks Telegram Accounts to Spread Itself - A new malware named ChaosBot, developed using the Rust programming language, has been discovered hijacking Telegram accounts to propagate itself. This innovative malware leverages the security and performance benefits of Rust to evade detection and ...
2 months ago Thehackernews.com
East Texas hospital network can't receive ambulances because of potential cybersecurity incident
2 years ago Cnn.com
CVE-2022-46176 - Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) ...
2 years ago