PT-2025-54755 · Crates.Io · Sha-Rust
Published
2025-12-09
·
Updated
2025-12-09
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
This crate was used as a dependency by
finch cli rust and finch-rst and
contained a malware payload to exfiltrate credentials.The malicious crate had 1 version published on 2025-12-08 and had been
downloaded 22 times. Other than the other crates above that were part of the
attack, no other crates depedended on this crate.
Thanks to Matthias Zepper of NGI Sweden for
reporting this to the crates.io team!
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sha-Rust