Compromised Rust crate onering performs code exfiltration

June 10, 2026

The Rust ecosystem was targeted via a malicious upload to the crates.io package registry. Version v1.4.1 of the popular onering crate was found to contain a heavily backdoored build.rs script. Because Rust automatically executes build.rs compilation hooks during project builds, the malicious code triggers silently during compilation. The malware captures git diffs of the developer’s latest code commits and exfiltrates them to a fraudulent, attacker-controlled Sentry endpoint, leading to continuous intellectual property theft.Remediation involves immediately removing the onering version v1.4.1 dependency from all Cargo.toml manifests and clearing local Cargo registries. Engineering leads must audit network firewalls to ensure development environments cannot communicate with unauthorized outbound endpoints, and verify that any code changes committed during the active compromise window have not leaked proprietary business logic.If you need expert assistance in identifying compromised packages, securing your CI/CD pipelines, or conducting an emergency supply chain audit, contact Cyberlinx today to protect your development environment.

Table of Contents
Resource Type
Threat Intel
Category
DevSecOps
Written by
Cyberlinx Research Team
Offensive Security Research Team
Free Risk Assessment
Cyberlinx brand name with linked chain links icon above it in white on a black background.

Ready to secure your
business?