Tools: GHSA-6662-54XR-8423: The Trojan Horse in Your Cargo.toml: Deconstructing the 'evm-units' Supply Chain Attack

- Vulnerability ID: GHSA-6662-54XR-8423
- CVSS Score: 10.0
- Published: 2026-02-06

## ⚠️ Exploit Status: ACTIVE

For eight months, a malicious Rust crate named 'evm-units' sat quietly on crates.io, masquerading as a harmless utility for Ethereum unit conversion. Behind the scenes, it was a sophisticated supply chain attack targeting Web3 developers. By abusing the Rust build process, it executed cross-platform malware the moment a developer compiled their project, compromising over 7,400 environments before its removal in December 2025.

A malicious Rust package ('evm-units') infected ~7,400 developer machines by executing malware via the 'build.rs' script during compilation. It targeted Windows, Linux, and macOS systems to steal crypto-wallets and credentials.

Read the full report for GHSA-6662-54XR-8423 on our website for more details including interactive diagrams and full exploit analysis.

## Technical Details

- CWE ID: CWE-506
- Attack Vector: Supply Chain / Typosquatting
- Severity: Critical (Malware)
- Downloads: ~7,400
- Campaign: Kimwolf
- Platform: Cross-Platform (Windows, Linux, macOS)

## Affected Systems

- Rust Development Environments
- CI/CD Pipelines Building Rust Projects
- Web3/Blockchain Development Workstations
- evm-units: All versions (Fixed in: N/A (Remove))

## Exploit Details

- Socket Research: Analysis of the build.rs execution flow and payload retrieval.

## Mitigation Strategies

- Implement dependency vetting using tools like 'cargo-vet' or 'cargo-crev'.
- Block outbound network connections during build steps where possible.
- Use 'cargo-audit' in CI/CD pipelines to catch known vulnerabilities early.
- Pin dependency versions and commit 'Cargo.lock' to version control.

- Identify if 'evm-units' is present in 'Cargo.lock'.
- Isolate the infected machine from the network immediately.
- Rotate all secrets (SSH, AWS, GPG, Wallet Seeds) exposed to the environment.
- Format the storage drive and reinstall the operating system (Scorched Earth).
- Audit git logs for unauthorized commits made by the compromised user.

## References

- GHSA-6662-54XR-8423 Advisory
- Socket Analysis of evm-units
- Vx-Underground Malware Samples