Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity Alert: Five Malicious Rust Crates Disguised as Time Utilities Exfiltrate Sensitive Data
In a sophisticated supply chain attack that has sent shockwaves through the developer community, cybersecurity researchers have uncovered five malicious Rust crates masquerading as legitimate time-related utilities to steal sensitive information from unsuspecting developers.
The malicious packages—chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync—were published to crates.io between late February and early March 2026. These packages impersonate legitimate services and employ advanced techniques to exfiltrate .env files containing API keys, tokens, and other critical secrets.
The Anatomy of a Supply Chain Attack
According to security researcher Kirill Boychenko from Socket, the crates pose as local time utilities but harbor a far more sinister purpose: credential and secret theft. “Although the crates pose as local time utilities, their core behavior is credential and secret theft,” Boychenko stated in a comprehensive analysis published by Socket.
The attack demonstrates the evolving sophistication of threat actors who understand that developers trust packages based on their apparent utility rather than conducting thorough security audits. By mimicking the functionality of legitimate time synchronization tools, these malicious crates bypassed initial scrutiny.
How the Attack Works
The five packages employ varying levels of sophistication in their approach to data exfiltration:
Standard Exfiltration Packages:
Four of the five packages (dnp3times, time_calibrator, time_calibrators, and time-sync) use relatively straightforward methods to steal .env files. These packages attempt to collect sensitive data from developer environments and transmit it to threat actor-controlled infrastructure.
Advanced Obfuscation with chrono_anchor:
The fifth package, chrono_anchor, represents a more sophisticated threat. This crate implements advanced obfuscation techniques and operational changes specifically designed to avoid detection. The malicious code is hidden within a file named “guard.rs” and invoked through an “optional sync” helper function, making it appear benign to developers.
Unlike traditional malware that establishes persistence through services or scheduled tasks, chrono_anchor employs a unique strategy. It repeatedly attempts to exfiltrate .env secrets every time a developer’s Continuous Integration (CI) workflow calls the malicious code. This approach ensures that the malicious activity occurs in legitimate contexts, making detection significantly more challenging.
The Targeting Strategy
The threat actors specifically targeted .env files because of their critical importance in modern software development. These files typically contain:
- API keys and tokens
- Database credentials
- Cloud service authentication details
- Third-party service secrets
- GitHub and registry tokens
By compromising .env files, attackers can potentially gain access to cloud services, databases, and other critical infrastructure. The stolen credentials can be used to launch further attacks, establish persistence, or sell the information on underground markets.
The Broader Context: AI-Powered Bot Campaign
This discovery comes on the heels of another sophisticated attack campaign involving an AI-powered bot called hackerbot-claw. Between February 21 and February 28, 2026, this autonomous security research agent targeted major open-source repositories from Microsoft, Datadog, and Aqua Security.
The bot employed a multi-stage attack methodology:
- Repository Scanning: Scanning public repositories for misconfigured CI/CD pipelines
- Repository Forking: Creating copies of target repositories
- Malicious Payload Delivery: Opening pull requests with trivial changes while concealing malicious payloads in branch names, file names, or CI scripts
- CI Pipeline Exploitation: Triggering automatic workflow activation to execute malicious code on build servers
- Data Exfiltration: Stealing secrets and access tokens
The Aqua Security Incident
One of the most significant targets was Aqua Security’s trivy repository, a popular security scanner. The attacker exploited a pull_request_target workflow vulnerability to steal a Personal Access Token (PAT) and subsequently take over the repository.
The attack escalated when the stolen credentials were used to push a malicious version of Trivy’s Visual Studio Code (VS Code) extension to the Open VSX registry. The compromised versions, 1.8.12 and 1.8.13, executed local AI coding assistants in highly permissive modes.
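A defender-side lint for the pull_request_target weakness named above, added here as an example and not taken from Socket, Aqua Security or the trivy repository. The article does not say which pattern trivy's workflow contained, so the two patterns flagged (checking out the PR head, and expanding PR-controlled values such as the branch name inside a shell step) are assumptions based on common misconfigurations, and the sample workflow is constructed.

```python
import re

# Expressions whose value is chosen by the pull request author.
UNTRUSTED = re.compile(r"\$\{\{\s*github\.(head_ref|event\.pull_request\."
                       r"(head\.[\w.]+|title|body))\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run\s*:")
REF_KEY = re.compile(r"^\s*ref\s*:")

def lint_workflow(text):
    """Return (line_no, finding) pairs for a workflow that runs on
    pull_request_target and feeds PR-controlled data to a checkout or shell."""
    live = [(no, l) for no, l in enumerate(text.splitlines(), 1)
            if not l.lstrip().startswith("#")]
    if not any("pull_request_target" in l for _, l in live):
        return []
    findings, run_col = [], None
    for no, line in live:
        indent = len(line) - len(line.lstrip())
        m = RUN_KEY.match(line)
        if m:
            run_col = len(m.group(1))       # column of the run: key
        elif run_col is not None and line.strip() and indent <= run_col:
            run_col = None                  # dedent: left the run: block
        if not UNTRUSTED.search(line):
            continue
        if run_col is not None:
            findings.append((no, "PR-controlled value expanded in a shell step"))
        elif REF_KEY.match(line):
            findings.append((no, "PR head checked out in a privileged workflow"))
    return findings

# Constructed workflow showing both risky patterns (not a real project's file).
RISKY = """\
on:
  pull_request_target:
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          echo "Building ${{ github.head_ref }}"
        env:
          TOKEN: ${{ secrets.PAT }}
"""
```

The check is a text heuristic, so treat a clean result as a first pass and still review any workflow that combines pull_request_target with repository secrets.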
The VS Code Extension Compromise
The malicious extension exploited AI coding assistants including Claude, Codex, Gemini, GitHub Copilot CLI, and Kiro CLI. These agents were instructed to perform extensive system inspections, generate comprehensive reports of discovered information, and save the results to a GitHub repository named “posture-report-trivy” using the victim’s authenticated GitHub CLI session.
This attack vector is particularly concerning because it leverages the victim’s own authenticated sessions and trusted development tools to exfiltrate data. The use of AI coding assistants adds another layer of complexity, as these tools often have broad system access permissions.
Impact Assessment and Mitigation
For a system to be impacted by the VS Code extension issue, several prerequisites must be met:
- Installation of version 1.8.12 or 1.8.13 from Open VSX
- Installation of at least one targeted AI coding CLI
- Acceptance of permissive execution flags by the CLI
- Ability of the agent to access sensitive data on disk
- Installation and authentication of GitHub CLI (for version 1.8.13)
Users who may have been affected are advised to:
- Immediately remove the compromised extensions
- Check for unexpected repositories
- Rotate environment secrets
- Monitor for unusual activity in development environments
Lessons Learned
This series of attacks highlights several critical lessons for the software development community:
Supply Chain Vigilance: The sophistication of these attacks demonstrates that even seemingly benign packages can harbor malicious intent. Developers must scrutinize dependencies more carefully.
CI/CD Security: The exploitation of CI/CD pipelines shows that these automation tools can become attack vectors if not properly secured. Organizations should implement strict controls on workflow triggers and secret management.
AI Tool Security: The compromise of AI coding assistants reveals new attack surfaces as these tools become more integrated into development workflows. Security policies must evolve to address these emerging risks.
Rapid Response: The quick removal of malicious packages from crates.io demonstrates the importance of rapid response capabilities in package repositories.
Industry Response
Socket, the security firm that discovered and analyzed these threats, emphasized the high-impact nature of these low-complexity attacks. “This campaign shows that low-complexity supply chain malware can still deliver high-impact when it runs inside developer workspaces and CI jobs,” the company stated.
The company advises organizations to prioritize controls that stop malicious dependencies before they execute, including:
- Dependency scanning in CI/CD pipelines
- Network egress filtering to prevent data exfiltration
- Runtime monitoring for unusual behavior
- Regular audits of development environments
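One way to apply the dependency-scanning control to this campaign, as an added example that is not Socket's tooling: a CI gate that reads Cargo.lock and reports any locked package carrying one of the five crate names listed in this article. The lockfile contents and version numbers below are constructed for the example.

```python
import re

# Crate names reported in the article. Names are compared with '-' and '_'
# folded together, a deliberately conservative match.
REPORTED = {"chrono_anchor", "dnp3times", "time_calibrator",
            "time_calibrators", "time-sync"}
_NORM = {n.replace("-", "_").lower() for n in REPORTED}
_FIELD = re.compile(r'^(name|version)\s*=\s*"([^"]*)"$')

def parse_lock(text):
    """Return one dict per [[package]] table in a Cargo.lock file."""
    pkgs, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[[package]]":
            cur = {}
            pkgs.append(cur)
        elif line.startswith("["):
            cur = None                  # another table, e.g. [metadata]
        elif cur is not None:
            m = _FIELD.match(line)
            if m:
                cur[m.group(1)] = m.group(2)
    return pkgs

def find_reported(text):
    """Return (name, version) for every locked package named in REPORTED."""
    return [(p["name"], p.get("version", "?")) for p in parse_lock(text)
            if p.get("name", "").replace("-", "_").lower() in _NORM]

# Constructed lockfile: two ordinary crates and two of the reported names.
SAMPLE_LOCK = '''[[package]]
name = "chrono"
version = "0.4.38"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "chrono_anchor"
version = "0.1.0"

[[package]]
name = "time-sync"
version = "0.1.0"

[[package]]
name = "time"
version = "0.3.36"
'''
```

Run it before any `cargo build` step in the pipeline and fail the job when `find_reported` returns a non-empty list, so the dependency is caught before its code executes.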
Tracking and Attribution
The Aqua Security incident is tracked as CVE-2026-28353. The Rust crate campaign appears to be the work of a single threat actor, based on its consistent exfiltration methodology and the lookalike domain “timeapis[.]io” used to stash stolen data.
The sophistication and coordination of these attacks suggest a well-resourced threat actor with deep understanding of developer workflows and supply chain vulnerabilities. The use of AI-powered tools for reconnaissance and attack execution indicates a new era of automated cyber threats.
Conclusion
These incidents represent a significant escalation in supply chain attacks, demonstrating how threat actors are increasingly targeting the development ecosystem itself. The combination of malicious packages, AI-powered exploitation, and compromised development tools creates a multi-layered threat that is difficult to detect and mitigate.
As the software supply chain continues to grow in complexity, organizations must adopt a defense-in-depth approach that includes not just traditional security measures, but also developer education, automated scanning, and continuous monitoring of development environments. The cost of complacency in this new threat landscape could be catastrophic.