- Reported
-
- Issued
-
- Package
-
microsoftsystem64
- Type
-
Vulnerability
- Categories
-
- Patched
-
no patched versions
Description
microsoftsystem64 installs a hardcoded SSH authorized_keys entry (persistence/backdoor) and scans for sensitive files (.env, credential-like JSON names, keyword-matching docs), reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages and uploads Telegram Desktop tdata, indicating targeted credential/session/data harvesting.
The malicious crate had 9 versions published on 2026-04-09 that had a total of 6346 downloads. There were no crates depending on this crate on crates.io.
Thanks to Socket.dev and sitsh for detecting and reporting this to the crates.io team!
Advisory available under CC0-1.0
license.