The malicious "rustdecimal" crate
Wednesday May 11, 2022. 03:55 PM , from LWN.net
The Rust Blog warns developers of a malicious crate named rustdecimal, which was evidently targeted at GitLab users who mistype rust_decimal. The crate contained the same source code and functionality as the legitimate rust_decimal crate, except for the Decimal::new function. When that function was called, it checked whether the GITLAB_CI environment variable was set and, if so, downloaded a binary payload into /tmp/git-updater.bin and executed it. The binary payload supported both Linux and macOS, but not Windows.
https://lwn.net/Articles/894808/
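A defensive check for the name confusion described above, as an added example that is not code from the Rust Blog or LWN: it scans Cargo.lock text for packages whose names match an expected dependency once separators and case are ignored. The function names, the expected-dependency list and the sample lockfile (including its placeholder versions) are constructed for illustration.

```rust
/// Extract package names from Cargo.lock text (`name = "..."` inside [[package]] tables).
fn lockfile_packages(lock: &str) -> Vec<String> {
    let mut in_package = false;
    let mut names = Vec::new();
    for line in lock.lines().map(str::trim) {
        if line.starts_with('[') {
            in_package = line == "[[package]]";
        } else if in_package {
            if let Some(rest) = line.strip_prefix("name = \"") {
                if let Some(name) = rest.strip_suffix('"') {
                    names.push(name.to_string());
                }
            }
        }
    }
    names
}

/// Collapse a crate name to lowercase with '-' and '_' removed.
fn normalize(name: &str) -> String {
    name.chars()
        .filter(|c| *c != '-' && *c != '_')
        .map(|c| c.to_ascii_lowercase())
        .collect()
}

/// Return (locked name, intended name) pairs for names that are not an
/// expected dependency but collapse to the same string as one.
fn lookalikes(lock: &str, expected: &[&str]) -> Vec<(String, String)> {
    let mut hits = Vec::new();
    for pkg in lockfile_packages(lock) {
        for want in expected {
            if pkg != *want && normalize(&pkg) == normalize(want) {
                hits.push((pkg.clone(), want.to_string()));
            }
        }
    }
    hits
}

// Constructed sample lockfile; versions are placeholders.
const SAMPLE_LOCK: &str = "version = 3\n\n[[package]]\nname = \"rustdecimal\"\nversion = \"0.0.0\"\n\n[[package]]\nname = \"serde\"\nversion = \"0.0.0\"\n";

fn main() {
    for (found, intended) in lookalikes(SAMPLE_LOCK, &["rust_decimal", "serde"]) {
        println!("suspicious: {} (expected {})", found, intended);
    }
}
```

Run against a real Cargo.lock in CI, a non-empty result is a reason to fail the job before any build step executes dependency code.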