crates.io 事件回顾:用户上传恶意软件
原文英文,约500词,阅读约需2分钟。发表于: 。Summary On August 16, the crates.io team was notified by Louis Lang at Phylum of a new user who had uploaded nine crates that typosquatted1 popular crates with ill intent. The crates were...
crates.io团队收到了Phylum的通知,有用户上传了九个恶意的crates,已被撤销并删除。这些crates包含恶意的build.rs文件,试图发送用户计算机的元数据。Rust基金会将扫描所有crate上传并实施扫描器。感谢Phylum的Louis Lang、Josh Stone和Rust基金会的Walter Pearce的帮助和支持。