{"id":"RUSTSEC-2025-0155","summary":"`rands` was removed from crates.io for malicious code","details":"This crate attempted to typosquat the `rand` crate, and would link in a malware\npayload on macOS and Linux hosts when built.\n\nThis advisory is to retrospectively document this attempted attack. The version\ninformation and download records of the malicious crate are no longer\navailable. The related malicious crates have been yanked, and the malicious\naccount has been banned.","modified":"2026-03-26T06:30:10.923031Z","published":"2025-02-10T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/rands"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0155.html"}],"affected":[{"package":{"name":"rands","ecosystem":"crates.io","purl":"pkg:cargo/rands"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0155.json","informational":null,"categories":["malicious"],"cvss":null}}],"schema_version":"1.7.5"}