Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

The Hacker News by The Hacker News
December 3, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Dec 03, 2025Ravie LakshmananMalware / Web3 Security

Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality to stealthily execute on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool.

The Rust crate, named “evm-units,” was uploaded to crates.io in mid-April 2025 by a user named “ablerust,” attracting more than 7,000 downloads over the past eight months. Another package created by the same author, “uniswap-utils,” listed “evm-units” as a dependency. It was downloaded over 7,400 times. The packages have since been removed from the package repository.

Cybersecurity

“Based on the victim’s operating system and whether Qihoo 360 antivirus is running, the package downloads a payload, writes it to the system temp directory, and silently executes it,” Socket security researcher Olivia Brown said in a report. “The package appears to return the Ethereum version number, so the victim is none the wiser.”

A notable aspect of the package is that it is explicitly designed to check for the presence of the “qhsafetray.exe” process, an executable file associated with 360 Total Security, an antivirus software developed by Chinese security vendor Qihoo 360.

Specifically, the package is designed to invoke a seemingly harmless function named “get_evm_version(),” which decodes and reaches out to an external URL (“download.videotalks[.]xyz”) to fetch a next-stage payload depending on the operating system on which it’s being run –

  • On Linux, it downloads a script, saves it in /tmp/init, and runs it in the background using the nohup command, enabling the attacker to gain full control
  • On macOS, it downloads a file called init and runs it using osascript in the background with the nohup command
  • On Windows, it downloads and saves the payload as a PowerShell script file (“init.ps1”) in the temp directory and checks running processes for “qhsafetray.exe,” before invoking the script

In the event the process is not present, it creates a Visual Basic Script wrapper that runs a hidden PowerShell script with no visible window. If the antivirus process is detected, it slightly alters its execution flow by directly invoking PowerShell.

Cybersecurity

“This focus on Qihoo 360 is a rare, explicit, China-focused targeting indicator, because it is a leading Chinese internet company,” Brown said. “It fits the crypto-theft profile, as Asia is one of the largest global markets for retail cryptocurrency activity.”

The references to EVM and Uniswap, a decentralized cryptocurrency exchange protocol built on the Ethereum blockchain, indicate that the supply chain incident is designed to target developers in the Web3 space by passing off the packages as Ethereum-related utilities.

“Ablerust, the threat actor responsible for the malicious code, embedded a cross-platform second-stage loader inside a seemingly harmless function,” Brown said. “Worse, the dependency was pulled into another widely used package (uniswap-utils), allowing the malicious code to execute automatically during initialization.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

Recommended.

China Unicom Launches AI Unites All Plan to Bridge Digital Divide Via Industry Intelligence Supported by Huawei

China Unicom Launches AI Unites All Plan to Bridge Digital Divide Via Industry Intelligence Supported by Huawei

March 4, 2025
Hisense arrive en tête des classements mondiaux du premier trimestre 2025 pour les téléviseurs MiniLED, les téléviseurs de 100 pouces et plus et les téléviseurs laser

Hisense arrive en tête des classements mondiaux du premier trimestre 2025 pour les téléviseurs MiniLED, les téléviseurs de 100 pouces et plus et les téléviseurs laser

June 7, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio