According to software supply chain security company Phylum, a malware attack that appeared to be the first stage of one aimed at developers recently targeted the Crates.io Rust package registry.
Threat actors frequently use software development package registries and typosquatting to spread malware to Node.js and Python developers. In these kinds of attacks, hackers frequently produce packages with variants of well-known package names that are misspelt or typosquatted.
After a few days or weeks, the threat actor adds malicious functionality that they can use to attack developers who download their package rather than the original one.
Read More: Signs of Malware Attack Targeting Rust Developers Found on Crates.io
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
