Home → News → Supply-Chain Attack Hits RubyGems Repository with... → Full Text

Supply-Chain Attack Hits RubyGems Repository with 725 Malicious Packages

By Ars Technica

April 30, 2020

[article image]

ReversingLabs researchers have found more than 725 malicious packages populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.

The malicious packages were downloaded nearly 100,000 times, but a significant portion of those are likely the result of scripts that automatically crawl all 158,000 packages available in the repository.

All of the packages originated from just two user accounts: "JimCarrey" and "PeterGibbons."

The researchers suspect a single individual may be responsible for creating both accounts, which used a variation of typosquatting to give the impression they were legitimate.

Once installed, the packages execute a script that attempts to intercept Bitcoin payments made on Windows devices.

From Ars Technica
View Full Article


Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


No entries found