The logflux crate attempted to download and run a malicious payload on the user's machine.

The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.

Thanks to Paweł Bis for discovering and reporting this crate!

This appears to have been part of a campaign targeting people applying for Rust jobs. Please be careful with take-home assignments, especially if they ask you to use specific dependencies.