CrateDepression - Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
We suspect that the campaign includes the impersonation of a known Rust developer to poison the well with source code that relies on the typosquatted malicious dependency and sets off the infection chain. ... A subsequent investigation by the crates.io security team and Rust Security Response working group turned up 15 iterative versions of the malicious ‘rustdecimal’ as the attacker(s) tested different approaches and refinements.

Malware: CrateDepression, RustDecimal

Tags: Intel, Apple, ThreatActors, BigTechCompanies, Fortune500Companies, CrateDepression

[View Article](https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/)