Evm-units cross-platform loader
Malware Activity
Summary
Hide ▲
Show ▼
The malicious evm-units Rust crate is now confirmed as a cross-platform loader that steals execution on Windows, macOS, and Linux developer machines. It masquerades as an Ethereum Virtual Machine helper, then fetches and runs OS-specific second-stage payloads to hide its activity. The behavior matters because the package was distributed through crates.io and pulled into uniswap-utils, expanding the reach of the supply-chain compromise.
Related Happenings
Plain-crypto-js remote-access Trojan delivery
Malware Activity
First: 31.03.2026 23:55
Last: 31.03.2026 23:55
Sources 1
About this happening:
The malicious **plain-crypto-js** dependency delivered a **remote-access Trojan (RAT)** that can run on **Windows, Linux, and Mac**, extending the open-source supply-chain comprom...
Plain-crypto-js remote-access Trojan delivery
Malware ActivityAbout this happening: The malicious **plain-crypto-js** dependency delivered a **remote-access Trojan (RAT)** that can run on **Windows, Linux, and Mac**, extending the open-source supply-chain comprom...
Latest development: 04.04.2026 23:30
Google Threat Intelligence Group linked the Axios npm compromise to UNC1069, a financially motivated North Korea-nexus threat actor, based on the use of WAVESHAPER.V2 and overlaps with infrastructure artifacts used by UNC1069 in past activity. The Axios maintainers also wiped affected systems, reset all credentials, and are implementing changes to prevent similar incidents.
Axios package cross-platform RAT delivery
Malware Activity
First: 31.03.2026 16:53
Last: 31.03.2026 16:53
Sources 1
About this happening:
A **malicious Axios package payload** now delivers a **remote access trojan** to **Windows, macOS, and Linux** hosts, creating cross-platform compromise risk. The infection begins...
Axios package cross-platform RAT delivery
Malware ActivityAbout this happening: A **malicious Axios package payload** now delivers a **remote access trojan** to **Windows, macOS, and Linux** hosts, creating cross-platform compromise risk. The infection begins...
Sympy-dev malicious PyPI package delivers XMRig payloads on Linux
Malware Activity
First: 22.01.2026 12:04
Last: 22.01.2026 12:04
Sources 1
About this happening:
The malicious **sympy-dev** package on **PyPI** impersonates **SymPy** and delivers a **downloader** that can fetch and execute **XMRig**-related payloads on **Linux hosts**, crea...
Sympy-dev malicious PyPI package delivers XMRig payloads on Linux
Malware ActivityAbout this happening: The malicious **sympy-dev** package on **PyPI** impersonates **SymPy** and delivers a **downloader** that can fetch and execute **XMRig**-related payloads on **Linux hosts**, crea...
Timeline
-
03.12.2025 10:39 2 articles · 5mo ago
Evm-units cross-platform loader
Initial DisclosureThe first phase was the publication of **evm-units** on **crates.io** as a fake EVM helper in **mid-April 2025**. That initial deception gave the package time to gain downloads and seed the dependency chain before its loader behavior was identified.
Show sources
- Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems — thehackernews.com — 03.12.2025 10:39
- Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems — thehackernews.com — 03.12.2025 10:39