Add advisory for malicious crate microsoftsystem64

This commit is contained in:
GrassedgeT
2026-04-13 20:36:51 +08:00
committed by Dirkjan Ochtman
parent f0bc154a63
commit 29ac187a34

View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "microsoftsystem64"
date = "2026-04-13"
expect-deleted = true
categories = ["malicious"]
[versions]
patched = []
```
# `microsoftsystem64` was removed from crates.io for malicious code
`microsoftsystem64` installs a hardcoded SSH authorized_keys entry (persistence/backdoor) and scans for sensitive files (.env, credential-like JSON names, keyword-matching docs), reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages and uploads Telegram Desktop tdata, indicating targeted credential/session/data harvesting.
The malicious crate had 9 versions published on 2026-04-09 that had a total of 6404 downloads. There were no crates depending on this crate on crates.io.
Thanks to [Socket.dev](https://socket.dev/) for detecting and reporting this to the crates.io team!