Snyk has reported that there have been attempts or successful attacks targeting this vulnerability.
Avoid using all malicious instances of the faster_log package.
faster_log is a malicious package.
Two malicious Rust crates, faster_log (which impersonates the legitimate fast_log library) and async_println, attempt to scan source files for quoted Ethereum private keys (0x + 64 hex), Solana-style Base58 secrets, and bracketed byte arrays, and later exfiltrate matches via HTTP POST to a hardcoded command and control (C2) endpoint, https://mainnet[.]solana-rpc-pool[.]workers[.]dev/. The payload runs at application or test runtime, specifically during the log packing operation, not during the build process.
Note:
If you have installed or used these crates since May 25th 2025, assume exposure: uninstall them and rotate any secrets that could have been exposed in source, tests, or fixtures.
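
A triage aid for the note above, as an added example (it is not Snyk's code and does not reproduce the malware's own patterns): it reports whether either crate is pinned in a `Cargo.lock` and lists, by file and line, the secret-shaped literals that should be rotated. The regexes, the 32-element threshold for byte arrays, the scanned file suffixes and the skipped directories are assumptions.

```python
import re
from pathlib import Path

MALICIOUS = {"faster_log", "async_println"}  # crate names named in the advisory
SCAN_SUFFIXES = {".rs", ".toml", ".json", ".txt"}  # assumed; extend for your fixtures
SKIP_DIRS = {"target", ".git"}  # assumed: build output and VCS metadata

# Assumed approximations of the three secret shapes the advisory lists;
# these are not the malware's own patterns and will produce false positives.
PATTERNS = {
    "eth_private_key": re.compile(r'"0x[0-9a-fA-F]{64}"'),
    "base58_secret": re.compile(r'"[1-9A-HJ-NP-Za-km-z]{32,88}"'),
    "byte_array": re.compile(r"\[\s*(?:\d{1,3}\s*,\s*){31,}\d{1,3}\s*,?\s*\]"),
}

def locked_malicious(cargo_lock_text):
    """Return sorted (name, version) pairs for advisory crates pinned in a Cargo.lock."""
    hits = set()
    for block in cargo_lock_text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        version = re.search(r'^version = "([^"]+)"', block, re.M)
        if name and name.group(1).replace("-", "_") in MALICIOUS:
            hits.add((name.group(1), version.group(1) if version else "unknown"))
    return sorted(hits)

def exposed_secrets(text):
    """Return sorted (line_number, kind) per secret-shaped literal; the value is never kept."""
    return sorted(
        (text.count("\n", 0, m.start()) + 1, kind)
        for kind, rx in PATTERNS.items()
        for m in rx.finditer(text)
    )

def triage(root):
    """Report advisory crates in any Cargo.lock and files holding secrets to rotate."""
    root = Path(root)
    report = {"crates": [], "secrets": {}}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        if path.name == "Cargo.lock":
            report["crates"] += locked_malicious(path.read_text(errors="replace"))
        elif path.suffix in SCAN_SUFFIXES:
            hits = exposed_secrets(path.read_text(errors="replace"))
            if hits:
                report["secrets"][str(rel)] = hits
    return report
```

Call `triage(".")` from the workspace root; a non-empty `crates` list means the assume-exposure steps in the note apply, and `secrets` gives the rotation worklist.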