Seriously more effort and investment should be put into code scanners if we want a bright future to modern software development
this post was submitted on 25 Sep 2025
33 points (100.0% liked)
Rust
7357 readers
38 users here now
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Wormhole
Credits
- The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)
founded 2 years ago
MODERATORS
Not again...
As long as people are using Rust, it will necessarily attract this kind of action. This won't be the last attack we will see.
I think the team has handled it quite well.
What are the proper crates that the malicious ones were pretending to be? (I'm new to Rust)
Both were impersonating fast_log.
Thanks :)
async_println is a part of fast_log?
Both faster_log and async_println were purely malicious packages (not taken over and turned malicious).
I know faster_log is typosquatting / luring fast_log users but I’m not sure about about async_println (which was a clone of the malicious faster_log).
async_std::print is a thing so I guess trying to lure users who search crates before docs :shrug:
I mean, if you want your prints to be asynchronous you’re looking for trouble to begin with.
The previous statement is a joke.