Crates.io: Malicious crates evm-units and uniswap-utils
7 days ago
- #cryptocurrency
- #security
- #malware
- On December 2nd, malicious crates 'evm-units' and 'uniswap-utils' were reported by Olivia Brown from Socket Threat Research Team.
- The crates were likely attempting to steal cryptocurrency, with 'evm-units' downloaded 7,257 times and 'uniswap-utils' downloaded 7,441 times.
- The user 'ablerust' was immediately disabled, and the crates were deleted from crates.io at 22:01 UTC on December 2nd.
- Socket has published their analysis in a blog post; the crates had no dependent downstream crates on crates.io.
- Thanks were given to Olivia Brown, Carol Nichols, Walter Pearce, and Adam Harvey for their assistance in the response.