
760+ malicious packages found typosquatting on RubyGems
2020-04-17 08:10

Researchers have discovered over 760 malicious Ruby packages typosquatting on RubyGems, the Ruby community's gem repository and hosting service.

ReversingLabs analysts wanted to see how widespread the practice of package typosquatting is within RubyGems.

The practice refers to the intentional use of package names very similar to those of popular packages, with the aim of tricking users into installing them and unknowingly running malicious code.

"We crafted a list of the most popular gems to use as a baseline. On a weekly basis, we collected gems that were newly pushed to the RubyGems repository. If we detected a new gem with a similar name to any of the baseline list gems, we flagged it as interesting for analysis," threat analyst Tomislav Maljić explained.
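The weekly check Maljić describes, as an added example in Ruby that is not ReversingLabs' tooling or code from the article: a baseline of popular gem names, a batch of newly pushed names, and a flag on any new name within a small edit distance of a baseline gem. The baseline, the sample "new gem" names and the distance threshold are constructed for illustration, and the normalisation step (ignoring case and separators) goes slightly beyond the quoted description.

```ruby
BASELINE = %w[rails nokogiri rspec bundler devise rack sidekiq]

# Classic Levenshtein edit distance between two strings.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = cur
  end
  prev.last
end

# Normalise a gem name so that case and separator tricks ("Rspec", "rspec_",
# "rspec.core") do not hide a near-match to a baseline gem.
def normalize(name)
  name.downcase.gsub(/[-_.]/, "")
end

# Return [name, baseline_gem, distance] for each new gem whose normalised
# name is within max_distance edits of a baseline gem. Exact baseline names
# are skipped: those are the legitimate packages themselves.
def flag_typosquats(new_gems, baseline = BASELINE, max_distance: 2)
  flagged = []
  new_gems.each do |name|
    next if baseline.include?(name)
    baseline.each do |popular|
      d = edit_distance(normalize(name), normalize(popular))
      next unless d <= max_distance
      flagged << [name, popular, d]
      break
    end
  end
  flagged
end

# Constructed sample of one week's newly pushed gem names (assumption, not a
# real RubyGems feed).
NEW_GEMS = %w[rails nokogirl rspeck bundlr devise-ui sidekiq_ sidekick atlas]

if __FILE__ == $PROGRAM_NAME
  flag_typosquats(NEW_GEMS).each do |name, popular, d|
    puts "#{name} looks like #{popular} (distance #{d})"
  end
end
```

Hits such as "devise-ui" show why flagged names are only "interesting for analysis": a short edit distance is a triage signal, not proof of malice, and each hit still needs a look at what the gem actually installs.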

ReversingLabs previously flagged a batch of malicious Python libraries hosted on the Python Package Index, and developer Jussi Koljonen found that several older versions of popular Ruby packages on RubyGems had been trojanized to steal information and mine cryptocurrency.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/VvQQOM96hKQ/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Rubygems 7 0 21 12 1 34