Monday, April 20, 2020

Malicious RubyGems Packages

Dan Goodin (via Hacker News):

More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.

[…]

The accounts, which ReversingLabs suspects may be the work of a single individual, used a variation of typosquatting—the technique of giving a malicious file or domain a name that’s similar to a commonly recognizable name—to give the impression they were legitimate. For instance, “atlas-client,” a booby-trapped package with 2,100 downloads, was a stand-in for the authentic “atlas_client” package.

[…]

Once installed, the packages executed a script that attempted to intercept Bitcoin payments made on Windows devices.
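
The lookalike naming in the excerpt above ("atlas-client" standing in for "atlas_client") can be checked for on the consuming side before installing. The Ruby below is an added example, not code from the article or from ReversingLabs; the allowlist, the function names and the sample dependency names are constructed for illustration.

```ruby
# TRUSTED is a constructed sample allowlist; in practice it would come from
# your own vetted dependency inventory.
TRUSTED = %w[atlas_client rails nokogiri rspec-core].freeze

# Collapse the separator and case differences the quoted example relies on.
def canonical(name)
  name.downcase.gsub(/[-_.]+/, "")
end

# Optimal string alignment distance (Levenshtein plus adjacent transposition).
def edit_distance(a, b)
  d = Array.new(a.size + 1) { |i| [i] + [0] * b.size }
  (0..b.size).each { |j| d[0][j] = j }
  (1..a.size).each do |i|
    (1..b.size).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.size][b.size]
end

# Returns nil for a trusted or unrelated name, otherwise [trusted_name, reason].
def typosquat_of(name, trusted = TRUSTED)
  return nil if trusted.include?(name)
  cand = canonical(name)
  trusted.each do |good|
    ref = canonical(good)
    return [good, :separator_or_case] if cand == ref
    # Skip very short names, where a one-character difference is common.
    return [good, :near_spelling] if ref.size >= 5 && edit_distance(cand, ref) == 1
  end
  nil
end

# Map each suspicious dependency name to the trusted name it resembles.
def audit(names, trusted = TRUSTED)
  names.each_with_object({}) do |n, out|
    hit = typosquat_of(n, trusted)
    out[n] = hit if hit
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample dependency list.
  audit(%w[atlas-client atlas_client nokogirl rake]).each do |n, (good, why)|
    puts "#{n}: resembles #{good} (#{why})"
  end
end
```

A hit is a prompt to confirm the gem's owner and source before installing, not proof that the package is malicious.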
