Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys socket.dev/blog/two-…

Socket’s Threat Research Team identified two malicious Rust crates, faster_log and async_println, that impersonate the legitimate fast_log library. Published by the threat actor under the aliases rustguruman and dumbnbased, the crates include working logging code for cover and embed routines that scan source files for Solana and Ethereum private keys, then exfiltrate matches via HTTP POST to a hardcoded command and control (C2) endpoint (mainnet[.]solana-rpc-pool[.]workers[.]dev/). Combined, the two crates were downloaded 8,424 times and were published on May 25, 2025.