Cybersecurity researchers have found five malicious Rust crates that masquerade as time-related utilities in order to send .env file data to the threat actors. The Rust packages, published to crates.io, are: chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync. The crates, which were published between late February and early March 2026, impersonate timeapi.io.
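A check for the five crates named above, as an added example that is not code from the researchers or from this article: it scans the text of a Cargo.lock for `[[package]]` entries with a matching name. The function names, the hyphen/underscore normalization and the sample lockfile are assumptions made for the illustration.

```rust
// Added example: the five crate names listed in the article.
const FLAGGED: [&str; 5] =
    ["chrono_anchor", "dnp3times", "time_calibrator", "time_calibrators", "time-sync"];

// Treat '-' and '_' as equivalent (a conservative choice made for this example).
fn normalize(name: &str) -> String {
    name.trim().to_ascii_lowercase().replace('-', "_")
}

// Value of a `key = "value"` line, if the line sets exactly `key`.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

// Returns (name, version) for every [[package]] entry matching a flagged crate.
fn find_flagged(lock_text: &str) -> Vec<(String, String)> {
    let flagged: Vec<String> = FLAGGED.iter().map(|n| normalize(n)).collect();
    let mut hits = Vec::new();
    for block in lock_text.split("[[package]]").skip(1) {
        let (mut name, mut version): (Option<&str>, Option<&str>) = (None, None);
        for line in block.lines() {
            if let Some(v) = quoted_value(line, "name") { name = Some(v); }
            if let Some(v) = quoted_value(line, "version") { version = Some(v); }
        }
        if let Some(n) = name.filter(|n| flagged.contains(&normalize(n))) {
            hits.push((n.to_string(), version.unwrap_or("?").to_string()));
        }
    }
    hits
}

// Constructed sample lockfile; the versions are made up for the demo.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "chrono"
version = "0.4.38"
[[package]]
name = "time_sync"
version = "0.1.0"
[[package]]
name = "chrono_anchor"
version = "0.1.2"
"#;

fn main() {
    for (name, version) in find_flagged(SAMPLE_LOCK) {
        println!("flagged crate in Cargo.lock: {} {}", name, version);
    }
}
```

A hit means the crate was resolved into that project's dependency graph, so any .env files on machines that built it should be treated as exposed.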

Based on the use of the same exfiltration method and a lookalike domain ("timeapis[.]io") to hide the stolen data, the activity is thought to be the work of one threat actor. "Even though the crates look like local time utilities, their main purpose is to steal credentials and secrets," said security researcher Kirill Boychenko.

"They try to get sensitive information from developer environments, especially .env files, and send it to infrastructure that is controlled by threat actors." Four of the packages above can easily exfiltrate .env files, but "chrono_anchor" goes a step further by using obfuscation and operational changes to avoid detection. "The stolen credential was then used to take over the repository."

Last week, Aqua Security's Itay Shakury said that the attacker used the GitHub Actions workflow to publish a malicious version of Trivy's Visual Studio Code (VS Code) extension to the Open VSX registry. That version used local AI coding agents to gather and steal sensitive data.

Socket, which also looked into the extension compromise, said that the injected logic in versions 1.8.12 and 1.8.13 runs local AI coding assistants, including Claude, Codex, Gemini, GitHub Copilot CLI, and Kiro CLI, in very permissive modes. It tells them to do a thorough system check, make a report of what they find, and save the results to a GitHub repository called "posture-report-trivy" using the victim's own authenticated GitHub CLI session. Aqua has since removed the artifacts from the marketplace and revoked the token that was used to publish them.

People who installed the extensions should remove them right away, look for any unexpected repositories, and rotate their environment secrets. The malicious file has been deleted.