Malicious Rust Package Targets Crypto Developers

A malicious Rust package named evm-units, authored by ablerust, was discovered by the Socket Threat Research Team. The package, disguised as an Ethereum Virtual Machine (EVM) utility, was downloaded over 7,000 times from Crates.io. It silently executes OS-specific payloads, targeting systems based on the presence of a specific antivirus software. The package was removed promptly after being reported. The incident highlights the growing trend of malware in open source ecosystems, particularly in cryptocurrency infrastructure.