ReversingLabs researchers have found more than 725 malicious packages populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.
The malicious packages were downloaded nearly 100,000 times, but a significant portion of those are likely the result of scripts that automatically crawl all 158,000 packages available in the repository.
All of the packages originated from just two user accounts: "JimCarrey" and "PeterGibbons."
The researchers suspect a single individual may be responsible for creating both accounts, which used a variation of typosquatting to give the impression they were legitimate.
Once installed, the packages execute a script that attempts to intercept Bitcoin payments made on Windows devices.
From Ars Technica
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA