The malicious "rustdecimal" crate
Wednesday 11 May 2022, 15:55, by LWN.net
The Rust Blog warns developers of a malicious crate named rustdecimal, which was evidently targeted at GitLab users who mistype rust_decimal. The crate contained the same source code and functionality as the legitimate rust_decimal crate, except for the Decimal::new function. When that function was called, it checked whether the GITLAB_CI environment variable was set and, if so, downloaded a binary payload to /tmp/git-updater.bin and executed it. The binary payload supported both Linux and macOS, but not Windows.
https://lwn.net/Articles/894808/
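A defensive check a CI job could run against this kind of typosquat, as an added example that is not code from the Rust Blog, LWN or either crate: it flags lockfile entries whose name matches an expected crate once '-' and '_' are removed, and tests for the payload path named above. The EXPECTED list and the sample lockfile are constructed assumptions.

```rust
use std::path::Path;

// Assumption: crates this project actually intends to depend on.
const EXPECTED: &[&str] = &["rust_decimal", "serde"];
// Payload path reported in the advisory summarized above.
const PAYLOAD_PATH: &str = "/tmp/git-updater.bin";
// Constructed sample lockfile, reduced to the fields this check reads.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "rustdecimal"

[[package]]
name = "serde"
"#;

/// Lowercase and drop '-' / '_' so "rustdecimal" and "rust_decimal" collide.
fn normalize(name: &str) -> String {
    name.chars().filter(|c| *c != '-' && *c != '_').collect::<String>().to_lowercase()
}

/// Package names from Cargo.lock text (lines of the form `name = "x"`).
fn lock_names(lock: &str) -> Vec<String> {
    lock.lines()
        .filter_map(|l| l.trim().strip_prefix("name = \""))
        .filter_map(|rest| rest.strip_suffix('"'))
        .map(str::to_string)
        .collect()
}

/// (suspect, expected) pairs: same normalized form, different exact name.
fn lookalikes(lock: &str, expected: &[&str]) -> Vec<(String, String)> {
    let mut hits = Vec::new();
    for name in lock_names(lock) {
        if expected.iter().any(|e| *e == name.as_str()) { continue; }
        for e in expected.iter().filter(|e| normalize(e) == normalize(&name)) {
            hits.push((name.clone(), e.to_string()));
        }
    }
    hits
}

/// True if the dropped payload file exists on this runner.
fn payload_present() -> bool { Path::new(PAYLOAD_PATH).exists() }

fn main() {
    for (bad, good) in lookalikes(SAMPLE_LOCK, EXPECTED) {
        println!("suspect crate {:?} resembles {:?}", bad, good);
    }
    println!("{} present: {}", PAYLOAD_PATH, payload_present());
}
```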