Socket Threat Research Team discovered a malicious Rust package named evm-units that disguises itself as an Ethereum Virtual Machine (EVM) version helper utility. The malicious crate downloads and silently executes operating system-specific payloads across multiple platforms. The attack appears to be designed for cryptocurrency theft operations. This represents a supply chain attack targeting the Rust ecosystem, similar to attacks seen in other package repositories. The malware's cross-platform capabilities and silent execution make it particularly dangerous for developers who might unknowingly include it in their projects.