Malicious Rust Crate evm-units Serves Cross-Platform Payloads for Silent Execution

Socket Threat Research Team discovered a malicious Rust package named evm-units that disguises itself as an EVM version helper utility. The malicious crate downloads and silently executes operating system-specific payloads targeting different platforms. The attack appears to be designed for crypto theft operations, leveraging the trust in legitimate-looking development tools. This represents a supply chain attack targeting Rust developers working with Ethereum Virtual Machine related projects. The cross-platform nature of the payloads suggests a sophisticated operation aimed at maximizing victim reach across different operating systems.