
Malicious Rust Crates and AI Bot Target CI/CD Pipelines to Steal Secrets

1 unique source, 1 article

Summary


Five malicious Rust crates were discovered masquerading as time-related utilities to exfiltrate .env files containing sensitive developer secrets. Additionally, an AI-powered bot named hackerbot-claw targeted CI/CD pipelines in major open-source repositories to harvest developer secrets. The Rust crates were published between late February and early March 2026, while the AI bot campaign occurred between February 21 and February 28, 2026. The impact includes potential compromise of downstream users and deeper access to environments, including cloud services and GitHub tokens.

Timeline

  1. 11.03.2026 07:12 · 1 article

    Malicious Rust Crates and AI Bot Campaign Target CI/CD Pipelines

    Between late February and early March 2026, five malicious Rust crates were published to exfiltrate .env files. Between February 21 and February 28, 2026, an AI-powered bot named hackerbot-claw targeted CI/CD pipelines in major open-source repositories to harvest developer secrets. The compromised Trivy VS Code extension versions 1.8.12 and 1.8.13 executed local AI coding assistants to collect and exfiltrate sensitive information.


Similar Happenings

Malicious nx Packages Exfiltrate Credentials in 's1ngularity' Supply Chain Attack

The **UNC6426** threat actor has weaponized credentials stolen during the August 2025 **nx npm supply-chain attack** to execute a rapid cloud breach, escalating from a compromised GitHub token to **full AWS administrator access in under 72 hours**. By abusing GitHub-to-AWS OpenID Connect (OIDC) trust, the attacker deployed a new IAM role with `AdministratorAccess`, exfiltrated S3 bucket data, terminated production EC2/RDS instances, and **publicly exposed the victim’s private repositories** under the `/s1ngularity-repository-[randomcharacters]` naming scheme. This follows the broader *Shai-Hulud* and *SANDWORM_MODE* campaigns, which collectively compromised **over 400,000 secrets** via trojanized npm packages, GitHub Actions abuse, and AI-assisted credential harvesting (e.g., QUIETVAULT malware leveraging LLM tools).

The attack chain began with the **Pwn Request** exploitation of a vulnerable `pull_request_target` workflow in nx, leading to trojanized package publication and theft of GitHub Personal Access Tokens (PATs). UNC6426 later used tools like **Nord Stream** to extract CI/CD secrets, highlighting the risks of **overprivileged OIDC roles** and **standing cloud permissions**.

Researchers warn of escalating supply chain risks, including **self-propagating worms** (Shai-Hulud), **PackageGate vulnerabilities** bypassing npm defenses, and **AI-assisted prompt injection** targeting developer workflows. Mitigations include disabling postinstall scripts, enforcing least-privilege access, and rotating all credentials tied to npm, GitHub, and cloud providers.