mirror of
https://github.com/rustsec/advisory-db.git
synced 2026-07-16 00:12:29 -04:00
Add advisory for malicious crate microsoftsystem64
This commit is contained in:
committed by
Dirkjan Ochtman
parent
f0bc154a63
commit
29ac187a34
19
crates/microsoftsystem64/RUSTSEC-0000-0000.md
Normal file
19
crates/microsoftsystem64/RUSTSEC-0000-0000.md
Normal file
@@ -0,0 +1,19 @@
|
||||
```toml
|
||||
[advisory]
|
||||
id = "RUSTSEC-0000-0000"
|
||||
package = "microsoftsystem64"
|
||||
date = "2026-04-13"
|
||||
expect-deleted = true
|
||||
categories = ["malicious"]
|
||||
|
||||
[versions]
|
||||
patched = []
|
||||
```
|
||||
|
||||
# `microsoftsystem64` was removed from crates.io for malicious code
|
||||
|
||||
`microsoftsystem64` installs a hardcoded SSH authorized_keys entry (persistence/backdoor) and scans for sensitive files (.env, credential-like JSON names, keyword-matching docs), reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages and uploads Telegram Desktop tdata, indicating targeted credential/session/data harvesting.
|
||||
|
||||
The malicious crate had 9 versions published on 2026-04-09 that had a total of 6404 downloads. There were no crates depending on this crate on crates.io.
|
||||
|
||||
Thanks to [Socket.dev](https://socket.dev/) for detecting and reporting this to the crates.io team!
|
||||
Reference in New Issue
Block a user