From 3a4b78212a1489a229d88a0f98dd6801e1296e68 Mon Sep 17 00:00:00 2001
From: "Carol (Nichols || Goulding)"
Date: Wed, 3 Dec 2025 15:49:22 -0500
Subject: [PATCH 1/2] Malicious crates announcement
---
 ...ious-crates-evm-units-and-uniswap-utils.md | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md
diff --git a/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md b/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md
new file mode 100644
index 000000000..5bc6bf812
--- /dev/null
+++ b/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md
@@ -0,0 +1,37 @@
++++
+path = "2025/12/03/crates.io-malicious-crates-evm-units-and-uniswap-utils"
+title = "crates.io: Malicious crates evm-units and uniswap-utils"
+authors = ["Walter Pearce"]
+
+[extra]
+team = "the crates.io team"
+team_url = "https://www.rust-lang.org/governance/teams/dev-tools#team-crates-io"
++++
+
+## Summary
+
+On December 2nd, the crates.io team was notified by Olivia Brown from the [Socket Threat Research Team][socket] of two malicious crates which were downloading a payload that was likely attempting to steal cryptocurrency.
+
+These crates were:
+
+- `evm-units` - 13 versions published in April 2025, downloaded 7257 times
+- `uniswap-utils` - 14 versions published in April 2025, downloaded 7441 times, used `evm-units` as a dependency
+
+## Actions taken
+
+The user in question, `ablerust`, was immediately disabled, and the crates in question were deleted from crates.io shortly after. We have retained the malicious crate files for further analysis.
+
+The deletions were performed at 22:01 UTC on December 2nd.
+
+## Analysis
+
+[Socket has published their analysis in a blog post](https://socket.dev/blog/malicious-rust-crate-evm-units-serves-cross-platform-payloads).
+
+These crates had no dependent downstream crates on crates.io.
+
+## Thanks
+
+Our thanks to Olivia Brown from the [Socket Threat Research Team][socket] for reporting the crates. We also want to thank Carol Nichols from the crates.io team and Walter Pearce and Adam Harvey from the [Rust Foundation](foundation) for aiding in the response.
+
+[foundation]: https://foundation.rust-lang.org/
+[socket]: https://www.socket.dev/
From a669a9a3d5c942583cf1d4cbb041ba5e25488c9c Mon Sep 17 00:00:00 2001
From: "Carol (Nichols || Goulding)" <193874+carols10cents@users.noreply.github.com>
Date: Wed, 3 Dec 2025 16:16:29 -0500
Subject: [PATCH 2/2] Fix markdown link Thanks Adam!
Co-authored-by: Adam Harvey
---
 .../crates.io-malicious-crates-evm-units-and-uniswap-utils.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md b/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md
index 5bc6bf812..a3a3b9f75 100644
--- a/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md
+++ b/content/crates.io-malicious-crates-evm-units-and-uniswap-utils.md
@@ -31,7 +31,7 @@ These crates had no dependent downstream crates on crates.io.
 
 ## Thanks
 
-Our thanks to Olivia Brown from the [Socket Threat Research Team][socket] for reporting the crates. We also want to thank Carol Nichols from the crates.io team and Walter Pearce and Adam Harvey from the [Rust Foundation](foundation) for aiding in the response.
+Our thanks to Olivia Brown from the [Socket Threat Research Team][socket] for reporting the crates. We also want to thank Carol Nichols from the crates.io team and Walter Pearce and Adam Harvey from the [Rust Foundation][foundation] for aiding in the response.
 
 [foundation]: https://foundation.rust-lang.org/
 [socket]: https://www.socket.dev/