Crates.io Phishing Attempt
8 months ago
- #security
- #Rust
- #phishing
- A phishing attempt targeted crates.io, the main public repository for Rust crates.
- The phishing email led to a fake GitHub login page.
- Several maintainers received the phishing email, and the issue is being discussed on GitHub.
- The crates.io team has acknowledged the attack and is investigating possible actions.
- No compromised packages have been identified as of September 12, 14:10 UTC.
- The article also mentions the popularity of the 'zip' crate in Rust for decompressing ZIP files.
- Some applications prefer using asynchronous I/O for decompressing archives downloaded from the network.