Skip to content
supplychainattack.orgSupply chain attack incident catalog
containedcritical

Malicious code in amzn_consolas_client (crates.io)

The Rust crate amzn-consolas-client version 99.0.1 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with domains associated with malicious activity and executes commands consistent with malicious behavior.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
All users who installed amzn-consolas-client version 99.0.1 from crates.io
Ecosystems
Attack vectors
Affected entities
  • amzn-consolas-client · 99.0.1

The OpenSSF Package Analysis project identified amzn-consolas-client version 99.0.1 published on crates.io as containing malicious code. The package was flagged under identifier MAL-2026-3101.\n\nAnalysis revealed two key indicators of malicious intent: the package establishes communication with a domain associated with known malicious activity, and it executes one or more commands consistent with malicious behavior patterns.\n\nThe malicious package was published to the public Rust package registry (crates.io), potentially exposing any developer who installed this specific version to compromise.

Indicators of compromise

Packages
  • amzn-consolas-client@99.0.1

Remediation

  • Immediately remove amzn-consolas-client version 99.0.1 from all projects and dependencies
  • Audit build logs and system activity for any suspicious behavior or unauthorized access during the period the malicious package was installed
  • Review and rotate any credentials or secrets that may have been exposed on systems where the package was installed
  • Update to a safe version of the package if a legitimate version exists, or identify an alternative package
  • Monitor for indicators of compromise on affected systems

Sources

  1. GitHub Advisory GHSA-7jx2-pf66-g5qj · GitHub Advisory Database

Cite this entry

"Malicious code in amzn_consolas_client (crates.io)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 18, 2026; last updated July 18, 2026. https://supplychainattack.org/incident/malicious-code-in-amzn-consolas-client-crates-io-mszyv9

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. containedcritical

    Malicious code in proton_pfff (crates.io)

    The Rust crate proton-pfff version 99.99.5 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with domains associated with malicious activity and executes commands consistent with malicious behavior.

    CargoCompromised package
  2. containedcritical

    Malicious code in mysten_metrics (crates.io)

    The Rust crate mysten-metrics version 9.0.3 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package executes commands associated with malicious behavior.

    CargoCompromised package
  3. resolvedcritical

    Malicious code in littest (crates.io)

    The Rust crate 'littest' version 0.3.1 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with a domain associated with malicious activity.

    CargoCompromised package
  4. containedcritical

    Malicious code in amzn_codewhisperer_streaming_client (crates.io)

    The Rust crate amzn-codewhisperer-streaming-client version 99.0.1 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with domains associated with malicious activity and executes commands consistent with malicious behavior.

    CargoCompromised package