Malicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent Execution
socket.dev/blog/mali…

The Socket Threat Research Team has identified a malicious Rust package, evm-units, published by “ablerust” and downloaded more than seven thousand times. The package checks the victim’s operating system and whether Qihoo360 antivirus is installed, then retrieves a tailored payload, writes it to the system’s temporary directory and executes it silently. To avoid suspicion, the package appears to return an Ethereum version number.

Its naming conventions and behaviour — posing as EVM utilities or a Uniswap helper library, combined with Qihoo360 targeting and a multi-OS loader pattern — suggest the payload likely aims to steal cryptocurrency. The focus on Qihoo360, a widely used Chinese antivirus product, indicates a likely targeting of Asian markets. The crate remained on Crates.io for eight months before being removed within minutes of the report.
Edward Kiledjian
@ekiledjian
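
A defender's follow-up to the post above, as an added example that is not from the post or from Socket: a Rust check that reads a Cargo.lock and reports whether evm-units is present, where it was resolved from, and which packages pull it in. Only the crate name comes from the post; the lockfile contents, the `0.0.0` version and the `demo-wallet` package are constructed.

```rust
// Added example: only the crate name "evm-units" comes from the post; the lockfile is constructed.
const DENYLIST: &[&str] = &["evm-units"];
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "demo-wallet"
version = "0.1.0"
dependencies = [
 "evm-units",
]
[[package]]
name = "evm-units"
version = "0.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;
#[derive(Default)]
struct Package { name: String, version: String, source: Option<String>, deps: Vec<String> }
// Minimal reader for [[package]] tables (not a full TOML parser); dependency
// entries read "name", "name version" or "name version (source)".
fn parse_lock(lock: &str) -> Vec<Package> {
    let mut pkgs = Vec::new();
    for block in lock.split("[[package]]").skip(1) {
        let (mut p, mut in_deps) = (Package::default(), false);
        for line in block.lines().map(str::trim) {
            if in_deps && !line.starts_with(']') {
                p.deps.extend(line.trim_matches(|c: char| c == '"' || c == ',').split_whitespace().next().map(String::from));
            } else if let Some((key, val)) = line.split_once(" = ") {
                let val = val.trim_matches('"').to_string();
                match key {
                    "name" => p.name = val,
                    "version" => p.version = val,
                    "source" => p.source = Some(val),
                    "dependencies" => in_deps = val == "[",
                    _ => {}
                }
            } else { in_deps = false; } // closing "]" of the dependency array, or a blank line
        }
        pkgs.push(p);
    }
    pkgs
}
// For each denylisted package: "name version (source)" and the packages that pull it in.
fn audit(lock: &str) -> Vec<(String, Vec<String>)> {
    let pkgs = parse_lock(lock);
    pkgs.iter().filter(|p| DENYLIST.contains(&p.name.as_str())).map(|p| {
        let users: Vec<String> = pkgs.iter().filter(|q| q.deps.contains(&p.name)).map(|q| q.name.clone()).collect();
        let src = p.source.as_deref().unwrap_or("no source: path or vendored copy");
        (format!("{} {} ({})", p.name, p.version, src), users)
    }).collect()
}
fn main() { for (pkg, users) in audit(SAMPLE_LOCK) { println!("FLAGGED {}, required by {:?}", pkg, users); } }
```

A hit with no `source` line means the crate was resolved from a local path or vendored copy rather than a registry, so it stays in the build even though the crate has been removed from Crates.io.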