Backfill old malware takedowns, mostly from 2023

crates/acceptxmr-rs/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "acceptxmr-rs"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `acceptxmr-rs` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/bit-flags/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "bit-flags"
+date = "2023-12-22"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `bit-flags` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`alexrichton` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/hann-rs-service/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "hann-rs-service"
+date = "2023-11-18"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `hann-rs-service` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`TerryDavisSoldier` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/lasso-rs/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "lasso-rs"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `lasso-rs` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/lfest-main/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "lfest-main"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `lfest-main` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/libusb1-main/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "libusb1-main"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `libusb1-main` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/littest/RUSTSEC-0000-0000.md

@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "littest"
+date = "2023-11-06"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `littest` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the
+malicious user `http-tiny` and contained a malware payload in `build.rs` to
+exfiltrate host information to the attacker.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.
+
+Thanks to Louis Lang at [Phylum] (now [Veracode]) for reporting this malware
+campaign.
+
+[Phylum]: https://phylum.io/
+[Veracode]: https://www.veracode.com/

crates/monero-api/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "monero-api"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `monero-api` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/monero-rpc-rs/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "monero-rpc-rs"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `monero-rpc-rs` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/openvpn-plugin-rs/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openvpn-plugin-rs"
+date = "2023-11-18"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `openvpn-plugin-rs` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`TerryDavisSoldier` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/postgresderive/RUSTSEC-0000-0000.md

@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "postgresderive"
+date = "2023-08-18"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `postgresderive` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the
+malicious user `amaperf` and contained a malware payload in `build.rs` to
+exfiltrate host information to the attacker.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.
+
+Thanks to Louis Lang at [Phylum] (now [Veracode]) for reporting this malware
+campaign.
+
+[Phylum]: https://phylum.io/
+[Veracode]: https://www.veracode.com/

crates/rands/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rands"
+date = "2025-02-10"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `rands` was removed from crates.io for malicious code
+
+This crate attempted to typosquat the `rand` crate, and would link in a malware
+payload on macOS and Linux hosts when built.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/registry-win/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "registry-win"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `registry-win` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/tauri-win-rt-notification/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "tauri-win-rt-notification"
+date = "2023-11-20"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `tauri-win-rt-notification` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`gabielle55131` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/tauri-winrt-notifications/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "tauri-winrt-notifications"
+date = "2023-11-20"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `tauri-winrt-notifications` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`gabielle55131` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.

crates/tiny-server/RUSTSEC-0000-0000.md

@@ -0,0 +1,28 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "tiny-server"
+date = "2023-11-06"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `tiny-server` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the
+malicious user `http-tiny` and contained a malware payload in `build.rs` to
+exfiltrate host information to the attacker.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.
+
+Thanks to Louis Lang at [Phylum] (now [Veracode]) for reporting this malware
+campaign.
+
+[Phylum]: https://phylum.io/
+[Veracode]: https://www.veracode.com/

crates/win-base64-rs/RUSTSEC-0000-0000.md

@@ -0,0 +1,21 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "win-base64-rs"
+date = "2023-11-15"
+expect-deleted = true
+categories = ["malicious"]
+
+[versions]
+patched = []
+```
+
+# `win-base64-rs` was removed from crates.io for malicious code
+
+This crate was part of a typosquatting malware cluster published by the user
+`Kraded` to run an arbitrary malware payload on Windows hosts.
+
+This advisory is to retrospectively document this attempted attack. The version
+information and download records of the malicious crate are no longer
+available. The related malicious crates have been yanked, and the malicious
+account has been banned.