VYPR
← All malware advisories

cargo · Malicious package advisory

Malware

replit_ruspty

RUSTSEC-2025-0154

`replit_ruspty` was removed from crates.io for malicious code

Details

The OpenSSF Package Analysis project identified 'replit_ruspty' @ 1.0.0 (crates.io) as malicious. Version 2.0.0 was also published with malware.

It is considered malicious because: The package communicates with a domain associated with malicious activity. The package executes one or more commands associated with malicious behavior.

This advisory is to retrospectively document this attack. The download records of the malicious crate are no longer available. The related malicious crates have been deleted.