Malicious Rust Crates and AI Bot Target CI/CD Pipelines to Steal Developer Secrets
In a recent cybersecurity development, researchers have identified five malicious Rust crates masquerading as time-related utilities, designed to exfiltrate sensitive data from developers’ environments. These packages, published on crates.io between late February and early March 2026, include:
– chrono_anchor
– dnp3times
– time_calibrator
– time_calibrators
– time-sync
According to security firm Socket, these crates impersonate the legitimate timeapi.io service and are believed to be the work of a single threat actor. The attacker utilized a lookalike domain, timeapis[.]io, to collect the stolen data. Despite appearing as local time synchronization tools, their primary function is to steal credentials and secrets, particularly from .env files, which often contain API keys, tokens, and other sensitive information.
Among these, chrono_anchor stands out due to its advanced obfuscation techniques aimed at evading detection. It embeds the exfiltration code within a file named guard.rs, invoked through an optional sync helper function to avoid raising suspicion. Unlike typical malware that establishes persistence on the host system, this crate repeatedly exfiltrates .env secrets each time a developer’s Continuous Integration (CI) workflow executes the malicious code.
The targeting of .env files is particularly concerning, as these files store critical information that, if compromised, can grant attackers access to cloud services, databases, and other essential components of a developer’s environment. Although these malicious packages have been removed from crates.io, developers who may have downloaded them are advised to:
– Assume potential data exfiltration has occurred.
– Rotate all keys and tokens stored in .env files.
– Audit CI/CD jobs that utilize publish or deploy credentials.
– Implement restrictions on outbound network access where feasible.
This incident underscores the significant impact that even low-complexity supply chain attacks can have when executed within developer workspaces and CI environments. It highlights the necessity for robust controls to prevent the execution of malicious dependencies.
In a related development, an AI-powered bot named hackerbot-claw has been discovered targeting CI/CD pipelines across major open-source repositories. Between February 21 and February 28, 2026, this bot targeted at least seven repositories belonging to organizations such as Microsoft, Datadog, and Aqua Security.
The attack sequence employed by hackerbot-claw involves:
1. Scanning public repositories for misconfigured CI/CD pipelines.
2. Forking the target repository and preparing a malicious payload.
3. Opening a pull request with a minor change, such as a typo correction, while embedding the main payload in the branch name, file name, or a CI script.
4. Exploiting the automatic activation of workflows on pull requests to execute the malicious code on the build server.
This method allows the bot to harvest developer secrets by leveraging vulnerabilities in CI/CD configurations. The emergence of such AI-driven attacks emphasizes the evolving nature of threats in the software development lifecycle and the critical need for vigilant security practices.
