Cybersecurity experts have recently uncovered five malicious Rust crates that pose as time-related utilities and siphon sensitive data from .env files. The packages were published on crates.io under the following names: chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync.
Unmasking the Threat
Published between late February and early March 2026, these crates mimic the timeapi.io service. The consensus among analysts is that a single threat actor is behind this operation, using a consistent exfiltration method and a deceptive domain, “timeapis[.]io,” to collect the stolen data. According to security researcher Kirill Boychenko, the primary function of these crates is to steal credentials and secrets from developer environments, particularly targeting .env files.
While most of these packages simply exfiltrate data, “chrono_anchor” employs obfuscation techniques to evade detection. The package includes exfiltration logic in a file named “guard.rs,” triggered by an “optional sync” function, making it less suspicious to developers. Unlike traditional malware, this code does not establish persistence on the host; rather, it repeatedly exfiltrates .env secrets whenever the malicious code is called during a Continuous Integration (CI) workflow.
Implications for Developers
These .env files typically store API keys, tokens, and other sensitive information, enabling attackers to compromise downstream users and gain extensive access to environments, including cloud services and databases. Although these packages have been removed from crates.io, developers who downloaded them are advised to rotate keys and tokens, audit CI/CD jobs, and restrict network access to mitigate potential damage.
Socket, a security firm, emphasized the significance of this campaign, highlighting that even low-complexity supply chain malware can have a substantial impact when executed within developer workspaces and CI jobs. Therefore, users are encouraged to implement controls that can prevent malicious dependencies from executing.
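As an added example (not code from Socket or from the crates themselves), the following Rust program checks a Cargo.lock file for the five crate names listed above, including transitive dependencies, so that affected projects can be identified before rotating secrets. The default `Cargo.lock` path and the non-zero exit status on a match are assumptions chosen for use as a CI step.

```rust
use std::collections::HashSet;

// Crate names reported in the article above.
const FLAGGED: [&str; 5] =
    ["chrono_anchor", "dnp3times", "time_calibrator", "time_calibrators", "time-sync"];

// Fold case and treat `-` and `_` alike, since a hyphenated crate is
// referenced with underscores in Rust code.
fn normalize(name: &str) -> String {
    name.trim().to_ascii_lowercase().replace('-', "_")
}

// Extract the quoted value from a `key = "value"` line of a lockfile.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

// Return (name, version) for every [[package]] entry whose name is flagged.
pub fn find_flagged(lockfile: &str) -> Vec<(String, String)> {
    let flagged: HashSet<String> = FLAGGED.iter().map(|n| normalize(n)).collect();
    let mut hits = Vec::new();
    let mut current: Option<String> = None;
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            current = None;
        } else if let Some(name) = quoted_value(line, "name") {
            current = Some(name.to_string());
        } else if let Some(version) = quoted_value(line, "version") {
            if let Some(name) = current.take() {
                if flagged.contains(&normalize(&name)) {
                    hits.push((name, version.to_string()));
                }
            }
        }
    }
    hits
}

fn main() {
    // Assumed usage: pass a lockfile path, or run from the project root.
    let path = std::env::args().nth(1).unwrap_or_else(|| "Cargo.lock".into());
    let text = std::fs::read_to_string(&path).expect("cannot read lockfile");
    let hits = find_flagged(&text);
    for (name, version) in &hits {
        println!("FLAGGED {name} {version} in {path}");
    }
    std::process::exit(if hits.is_empty() { 0 } else { 1 });
}
```

A match means the build environment should be treated as exposed: any secret that was readable from a .env file during a build that pulled the crate needs rotating, not only the dependency removed.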
AI Bot Exploitation of GitHub Actions
The discovery of these Rust crates coincides with the identification of an AI-powered bot, “hackerbot-claw,” which exploits CI/CD pipelines across major open-source repositories. This bot scans public repositories for vulnerable GitHub Actions workflows to extract developer secrets. Between February 21 and February 28, 2026, it targeted repositories from companies like Microsoft, Datadog, and Aqua Security.
The attack process involves scanning repositories for misconfigured pipelines, forking the target repository, and preparing a malicious payload. The bot then opens a pull request with a minor change, such as a typo correction, while concealing the main payload in the branch name or CI script. This tactic triggers the CI pipeline, executing the malicious code on the build server and stealing secrets and access tokens.
Among the highest-profile attacks was the one on Aqua Security’s “aquasecurity/trivy” repository. The bot exploited a pull_request_target workflow to steal a Personal Access Token (PAT), which was then used to compromise the repository.
Preventive Measures and Future Outlook
Aqua Security’s incident response team has since removed the compromised artifacts and revoked the credentials used to publish them. They advise users to uninstall the affected extensions, check for unexpected repositories, and rotate environment secrets. This incident is being tracked under the CVE identifier CVE-2026-28353.
To prevent similar threats, systems should have only the necessary versions installed, limit permissions, and secure access to sensitive data. The progression from version 1.8.12 to 1.8.13 of the compromised software highlights an iterative approach by attackers to refine their exfiltration methods. Developers and organizations must remain vigilant and adopt robust security practices to safeguard their environments from such evolving threats.
