Monday, April 20, 2020

Malicious RubyGems Packages

Dan Goodin (via Hacker News):

More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.

The accounts, which ReversingLabs suspects may be the work of a single individual, used a variation of typosquatting—the technique of giving a malicious file or domain a name that’s similar to a commonly recognizable name—to give the impression they were legitimate. For instance, “atlas-client,” a booby-trapped package with 2,100 downloads, was a stand-in for the authentic “atlas_client” package.

Once installed, the packages executed a script that attempted to intercept Bitcoin payments made on Windows devices.
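The separator swap in the quoted example ("atlas-client" standing in for "atlas_client") is cheap to screen for on the consuming side. The script below is an added example, not code from the article or from ReversingLabs: it reads the top-level entries of a Gemfile.lock and flags any gem that is not on a (constructed, hypothetical) vetted list but collapses onto a vetted name once '-' and '_' are treated as the same character.

```ruby
# Added example (not from the article or ReversingLabs): flag Gemfile.lock
# entries that differ from a vetted gem only by '-' vs '_', the
# "atlas-client" / "atlas_client" pattern the article describes.
# Constructed allow-list of gem names the organisation has already vetted.
TRUSTED_GEMS = %w[atlas_client nokogiri rest-client].freeze
# Canonical form: '-' and '_' count as the same character, case-insensitively.
def canonical(name)
  name.downcase.tr('-', '_')
end
# Top-level gem names from the "specs:" section of a Gemfile.lock.
def lockfile_gem_names(lockfile_text)
  names = []
  in_specs = false
  lockfile_text.each_line do |line|
    if line.strip == 'specs:'
      in_specs = true
      next
    end
    in_specs = false if line.strip.empty? # a blank line ends the section
    next unless in_specs
    # Direct entries are indented four spaces ("    name (version)");
    # transitive dependencies are indented six and are skipped.
    m = line.match(/\A {4}(\S+) \(/)
    names << m[1] if m
  end
  names.uniq
end
# Gems absent from the allow-list that collapse onto a vetted name once
# separators are normalised; each hit is { gem:, looks_like: }.
def suspicious_lookalikes(lockfile_text, trusted = TRUSTED_GEMS)
  by_canonical = trusted.group_by { |t| canonical(t) }
  hits = []
  lockfile_gem_names(lockfile_text).each do |gem|
    next if trusted.include?(gem)
    matches = by_canonical[canonical(gem)]
    hits << { gem: gem, looks_like: matches.first } if matches
  end
  hits
end
# Constructed Gemfile.lock fragment, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      atlas-client (0.1.0)
      rest_client (1.8.0)
      nokogiri (1.10.9)

  PLATFORMS
LOCK
```

Running `suspicious_lookalikes(SAMPLE_LOCK)` reports `atlas-client` (looks like `atlas_client`) and `rest_client` (looks like `rest-client`); a hit is a prompt to confirm which package was actually intended, not proof of malice.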
