Malicious code in replit_ruspty (crates.io)
The Rust crate replit_ruspty version 1.0.0 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with domains associated with malicious activity and executes commands consistent with malicious behavior.
- Disclosed
- Last updated
- Blast radius
- Unknown; depends on adoption of replit_ruspty 1.0.0
- Ecosystems
- Attack vectors
- Affected entities
- replit_ruspty · 1.0.0
The OpenSSF Package Analysis project identified replit_ruspty version 1.0.0 published on crates.io as containing malicious code. The analysis was conducted on the package hash 703ba59c0f40f937ba922d389d8beab406cc57110b792ed8d58ab7e8133c1712.
The malicious behavior includes communication with a domain associated with malicious activity and execution of commands consistent with malicious intent. The package was flagged under the OpenSSF's malicious packages database (MAL-2025-49350).
This appears to be a case of a malicious package directly published to the Rust package registry, rather than a compromised legitimate project. Users who have installed replit_ruspty 1.0.0 should immediately remove the dependency and audit their systems for compromise.
Indicators of compromise
- Packages
- replit_ruspty@1.0.0
- Hashes
- 703ba59c0f40f937ba922d389d8beab406cc57110b792ed8d58ab7e8133c1712
Remediation
- Remove replit_ruspty 1.0.0 from all projects and dependencies
- Audit systems that may have executed code from replit_ruspty 1.0.0 for signs of compromise
- Review crates.io for any other suspicious packages from the same author
- Monitor for any malicious network connections or command execution that may have occurred during installation or use
Sources
- GitHub Advisory GHSA-943g-w75h-8v9h · GitHub Advisory Database
Cite this entry
"Malicious code in replit_ruspty (crates.io)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 18, 2026; last updated July 18, 2026. https://supplychainattack.org/incident/malicious-code-in-replit-ruspty-crates-io-194fia
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- containedcritical
Malicious code in proton_pfff (crates.io)
The Rust crate proton-pfff version 99.99.5 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with domains associated with malicious activity and executes commands consistent with malicious behavior.
CargoCompromised package - containedcritical
Malicious code in mysten_metrics (crates.io)
The Rust crate mysten-metrics version 9.0.3 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package executes commands associated with malicious behavior.
CargoCompromised package - resolvedcritical
Malicious code in littest (crates.io)
The Rust crate 'littest' version 0.3.1 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with a domain associated with malicious activity.
CargoCompromised package - containedcritical
Malicious code in amzn_codewhisperer_streaming_client (crates.io)
The Rust crate amzn-codewhisperer-streaming-client version 99.0.1 on crates.io was identified as malicious by the OpenSSF Package Analysis project. The package communicates with domains associated with malicious activity and executes commands consistent with malicious behavior.
CargoCompromised package