Thursday, January 20, 2022

Backdooring Rust crates for fun and profit

Supply chains attacks are all the rage these days, whether to deliver RATs, cryptocurrencies miners, or credential stealers.

In Rust, packages are called crates and are (most of the time) hosted on a central repository: https://crates.io for better discoverability.

We are going to study 8 techniques to achieve Remote Code Execution (RCE) on developers’, CI/CD, or users’ machines. I voluntarily ignored perniciously backdoored algorithms such as cryptographic primitives or obfuscated code becaus…

Read More

Latest news
Related news