
Socket found a Rust typosquat (finch-rust) that loads sha-rust to steal credentials, using impersonation and an unpinned dependency to auto-deliver updates.

Published:

5 December 2025 at 17:16:31

Alert date:

5 December 2025 at 18:01:16

Source:

socket.dev


Socket's Threat Research Team discovered two malicious Rust crates using typosquatting techniques to target developers. The primary malicious crate 'finch-rust' mimics the legitimate 'finch' package and loads a hidden dependency 'sha-rust' to steal credentials. The attack uses impersonation tactics and unpinned dependencies to automatically deliver malicious updates to victims. This represents a supply chain attack specifically targeting the Rust ecosystem through package repository manipulation.
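The summary above notes that an unpinned dependency is what lets a malicious crate auto-deliver later updates. The following Rust program is an added example written for this page, not code from Socket, Perceptive or either crate: it reads a Cargo.toml with a small line-based parser (no external crates) and lists every dependency whose version requirement is not an exact `=x.y.z` pin, which is the kind of check a defender can run in CI. The sample manifest is constructed; only the crate names finch-rust and sha-rust come from the advisory.

```rust
// Added example, not code from the advisory: report every dependency in a
// Cargo.toml whose version requirement is a range rather than an exact pin.
// Cargo treats "1.2", "^1.2", "~1.2" and "*" as ranges, so `cargo update`
// (or a fresh checkout without Cargo.lock) can silently resolve to a newer
// release; only "=1.2.3" fixes the version.

#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub table: String, // which dependency table the entry lives in
    pub name: String,  // crate name
    pub req: String,   // the version requirement as written
}

/// True only for an exact requirement such as "=0.3.1".
pub fn is_pinned(req: &str) -> bool {
    let r = req.trim();
    r.starts_with('=') && !r.contains('*') && !r.contains(',')
}

/// Extract the version requirement from the right-hand side of a dependency
/// line: either a plain string ("1.0") or an inline table ({ version = "1.0", ... }).
fn version_req(rhs: &str) -> Option<String> {
    let rhs = rhs.trim();
    if let Some(s) = rhs.strip_prefix('"') {
        return Some(s.trim_end_matches('"').to_string());
    }
    if let Some(inner) = rhs.strip_prefix('{') {
        for field in inner.trim_end_matches('}').split(',') {
            if let Some((k, v)) = field.split_once('=') {
                if k.trim() == "version" {
                    return Some(v.trim().trim_matches('"').to_string());
                }
            }
        }
        // git/path dependencies carry no registry version requirement at all
        return Some("<no version>".to_string());
    }
    None
}

/// Scan a manifest and return every dependency that is not exactly pinned.
/// Handles [dependencies], [dev-dependencies], [build-dependencies],
/// target-specific dependency tables and [dependencies.<name>] sub-tables.
pub fn unpinned_dependencies(manifest: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut table = String::new();
    for raw in manifest.lines() {
        // Drop trailing comments (good enough for this heuristic scanner).
        let line = raw.split('#').next().unwrap_or("").trim();
        if line.is_empty() {
            continue;
        }
        if line.starts_with('[') {
            table = line.trim_matches(|c: char| c == '[' || c == ']').to_string();
            continue;
        }
        let (key, rhs) = match line.split_once('=') {
            Some(pair) => pair,
            None => continue,
        };
        let key = key.trim();
        let (dep_table, name, req) = match table.rsplit_once('.') {
            // `version = "..."` inside a [dependencies.<name>] sub-table
            Some((t, dep)) if t.ends_with("dependencies") && key == "version" => (
                t.to_string(),
                dep.to_string(),
                rhs.trim().trim_matches('"').to_string(),
            ),
            // `name = ...` directly inside a dependency table
            _ if table.ends_with("dependencies") => match version_req(rhs) {
                Some(req) => (table.clone(), key.to_string(), req),
                None => continue,
            },
            _ => continue,
        };
        if !is_pinned(&req) {
            findings.push(Finding { table: dep_table, name, req });
        }
    }
    findings
}

// Constructed sample manifest; crate names come from the advisory.
pub const SAMPLE_MANIFEST: &str = r#"
[package]
name = "demo-app"
version = "0.1.0"

[dependencies]
finch-rust = "0.1"              # caret range: any 0.1.x may be pulled in
serde = { version = "1", features = ["derive"] }
tokio = "=1.38.0"               # exact pin

[dependencies.sha-rust]
version = "*"                   # wildcard: any published release
"#;

fn main() {
    for f in unpinned_dependencies(SAMPLE_MANIFEST) {
        println!("[{}] {} = \"{}\" is not pinned", f.table, f.name, f.req);
    }
}
```

Run with `rustc scan.rs && ./scan`; the sample reports finch-rust, serde and sha-rust and stays silent about the pinned tokio entry. Pinning limits which release Cargo may resolve; it does not establish that a crate is the one you meant to depend on, so the name check against the legitimate package and a committed Cargo.lock used with `cargo build --locked` in CI remain the complementary controls.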

Technical details

Mitigation steps:

Affected products:

Rust
Cargo
finch-rust
sha-rust

Related links:

Related CVEs:

Related threat actors:

IOCs:

finch-rust, sha-rust

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website shows information obtained from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
