Trove of RubyGems malware highlights software supply chain issues
2020-04-23 13:54

Rather than reinventing the wheel by writing their own code to handle common tasks, developers write that code once as a software package and upload it to repositories.

These repositories contain thousands of packages for developers to download. The upside is that it accelerates software development.

Security researchers at threat detection company ReversingLabs found that typosquatters had uploaded a malicious package to RubyGems, the package repository serving the Ruby programming language.

You can install a RubyGems package - known as a Gem - by typing gem install followed by the package's name on the command line.

The RubyGems security team has removed all the affected packages from its repository, but Ruby developers should check the list of malicious packages to ensure that they're not running dodgy code.
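The article tells Ruby developers to check their installed gems against the list of removed packages. The script below is an added example written for this summary, not code from the Sophos article or from the RubyGems project. It audits the gems installed in the current Ruby environment in two ways: an exact match against a denylist, and a nearest-neighbour check that flags names within a small edit distance of a popular gem, which is the shape typosquats take. The denylist entries and the set of popular names are constructed placeholders; in practice you would load the list the RubyGems security team published.

```ruby
# Added example (not from the article or the RubyGems project): audit installed
# gems against a denylist of known-bad names and flag likely typosquats.
require 'rubygems'

# Constructed placeholder denylist; substitute the published list of removed gems.
KNOWN_BAD = %w[example-bad-gem another-bad-gem].freeze

# Constructed sample of popular gem names that a typosquatter might imitate.
POPULAR = %w[rails nokogiri rake bundler puma sinatra].freeze

# Levenshtein edit distance between two strings, used to spot near-miss names.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = cur
  end
  prev[b.length]
end

# Classify one gem name: :denylisted (exact match on the bad list),
# :suspicious (close to a popular name but not equal to it), or :ok.
def classify(name, denylist: KNOWN_BAD, popular: POPULAR, max_distance: 1)
  return :denylisted if denylist.include?(name)
  return :ok if popular.include?(name)

  near = popular.find { |p| edit_distance(name, p) <= max_distance }
  near ? :suspicious : :ok
end

# Audit a list of gem names; returns { name => verdict } for every non-:ok entry.
def audit(names, **opts)
  names.each_with_object({}) do |n, out|
    verdict = classify(n, **opts)
    out[n] = verdict unless verdict == :ok
  end
end

# Names of the gems installed in this Ruby environment.
def installed_gem_names
  Gem::Specification.map(&:name).uniq
end

if $PROGRAM_NAME == __FILE__
  findings = audit(installed_gem_names)
  if findings.empty?
    puts 'No denylisted or suspicious gem names found.'
  else
    findings.each { |name, verdict| puts "#{verdict}: #{name}" }
  end
end
```

Treat a :denylisted hit as a confirmed finding and a :suspicious hit as a review queue rather than a verdict: with short names the distance heuristic produces false positives (a legitimate gem whose name happens to be one character away from a popular one), so raise max_distance only if you also lengthen the minimum name length you are willing to compare.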


News URL

https://nakedsecurity.sophos.com/2020/04/23/trove-of-rubygems-malware-highlights-software-supply-chain-issues/

Related vendor

VENDOR     LAST 12M #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Rubygems   2                     0     3        16     4          23