
Communications of the ACM

ACM TechNews

Supply-Chain Attack Hits RubyGems Repository with 725 Malicious Packages



ReversingLabs researchers have found more than 725 malicious packages populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.

The malicious packages were downloaded nearly 100,000 times, but a significant portion of those are likely the result of scripts that automatically crawl all 158,000 packages available in the repository.

All of the packages originated from just two user accounts: "JimCarrey" and "PeterGibbons."

The researchers suspect a single individual may be responsible for creating both accounts, which used a variation of typosquatting to give the impression they were legitimate.

Once installed, the packages execute a script that attempts to intercept Bitcoin payments made on Windows devices.

From Ars Technica

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 
