How a Rust Supply-Chain Attack Infected Cloud CI Pipelines with Go Malware

Sentinel Labs provides malware and threat intelligence analysis for the security of enterprises using the SentinelOne platform.

On Thursday, they announced "a supply-chain attack against the Rust development community which we refer to as 'CrateDepression.'"

On the 10th of May 2022, the Rust Security Response Working Group issued an advisory informing the public of a malicious crate hosted on the Rust dependency community repository. The malicious dependency checks for environment variables that suggest an interest solely in GitLab Continuous Integration (CI) pipelines.

Infected CI pipelines receive a second-stage payload. We have identified the payloads as Go binaries based on the red-teaming framework Mythic. Given who is targeted, this attack could provide a platform for later supply chain attacks at a greater scale than the development pipelines that are affected. We believe that the attack involves impersonating a well-known Rust developer to poison the well with source code that relies on the malicious dependency, which triggers the infection chain. To deceive Rust developers, the malicious crate typosquats the well-known rust_decimal package, which is used to perform fractional financial calculations.
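A defensive check for the typosquatting described above, as an added example that is not part of the original article: it scans the package names in a Cargo.lock for lookalikes of rust_decimal. The protected-name list, the one-edit threshold and the sample lockfile entries are assumptions constructed for illustration.

```rust
// PROTECTED is an assumed watch-list; extend it with the crates your project relies on.
const PROTECTED: &[&str] = &["rust_decimal"];

/// Lowercase and drop `-`/`_`, so separator tricks collapse to one form.
fn normalize(name: &str) -> String {
    name.chars().filter(|c| *c != '-' && *c != '_').flat_map(|c| c.to_lowercase()).collect()
}

/// Levenshtein edit distance (two-row dynamic programming).
fn edit_distance(a: &str, b: &str) -> usize {
    let (a, b): (Vec<char>, Vec<char>) = (a.chars().collect(), b.chars().collect());
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    for i in 1..=a.len() {
        let mut cur = vec![i; b.len() + 1];
        for j in 1..=b.len() {
            let sub = prev[j - 1] + usize::from(a[i - 1] != b[j - 1]);
            cur[j] = sub.min(prev[j] + 1).min(cur[j - 1] + 1);
        }
        prev = cur;
    }
    prev[b.len()]
}

/// Extract the values of `name = "..."` lines from Cargo.lock text.
fn lockfile_names(lock: &str) -> Vec<&str> {
    lock.lines()
        .filter_map(|l| l.trim().strip_prefix("name = \"")?.strip_suffix('"'))
        .collect()
}

/// Return (suspect, protected) pairs: not the protected name itself, but within one edit of it.
fn find_lookalikes(lock: &str) -> Vec<(String, String)> {
    let mut hits = Vec::new();
    for name in lockfile_names(lock) {
        for p in PROTECTED {
            if name != *p && edit_distance(&normalize(name), &normalize(p)) <= 1 {
                hits.push((name.to_string(), p.to_string()));
            }
        }
    }
    hits
}

// Constructed lockfile excerpt; the lookalike names are made up for this example.
const SAMPLE_LOCK: &str = "name = \"rust_decimal\"\nname = \"rust_decimel\"\nname = \"rustdecimals\"\nname = \"serde\"\n";

fn main() {
    find_lookalikes(SAMPLE_LOCK).iter().for_each(|(s, p)| println!("suspicious: {} resembles {}", s, p));
}
```

A hit is a prompt to review the dependency before the build runs, not proof that it is malicious.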

The malicious crate was first discovered by an observant user, who reported it to the official rust_decimal account on GitHub. Both the Linux and macOS versions serve as general-purpose backdoors, filled with functions that let attackers gain access to the infected host, persist, log keystrokes, inject additional stages, capture the screen, or remotely administer the host through a variety of methods.

Software supply chain attacks have evolved from a rarity into an extremely popular strategy for attackers to "fish with dynamite" in an attempt to infect large numbers of users in one go. In CrateDepression's case, the targeted interest in cloud-based software build environments indicates that the attackers may try to use these infections for more extensive supply chain attacks.
