Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.
The Rust packages, published to crates.io, are listed below –
chrono_anchor
dnp3times
time_calibrator
time_calibrators
time-sync
The crates, per Socket, impersonate timeapi.io and were published between late February and early March