Malicious RubyGems packages used in cryptocurrency supply chain attack
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
Because anyone can upload a gem to the RubyGems repository, threat actors can publish malicious packages there in the hope that another developer will integrate one into their program.
If a large project integrates the malicious package, the result is a supply chain attack that reaches that project's many users.
The malicious packages are named 'pretty_color-0.8.1.gem' and 'ruby-bitcoin-0.0.20.gem' and contain a malicious Ruby script that creates VBS scripts that act as clipboard hijackers.
The Ruby script includes a comment containing a shoutout to ReversingLabs' Tomislav Maljic, who previously discovered 760 malicious Ruby packages that also performed clipboard hijacking.
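To check a project against the two releases named above, the following added example (not code from the article or from RubyGems) parses the resolved `specs:` entries of a `Gemfile.lock` and flags them. It assumes the first gem name is written with an underscore, since gem names cannot contain spaces; `audit_lockfile`, `FLAGGED` and the sample lockfile are constructed for illustration.

```ruby
# Gem names and versions as named in the article (name => flagged versions).
FLAGGED = {
  "pretty_color" => ["0.8.1"],
  "ruby-bitcoin" => ["0.0.20"],
}.freeze

# Returns [name, version, verdict] for every resolved spec whose name matches.
# Resolved specs are indented 4 spaces under "specs:"; the 6-space lines below
# them are dependency constraints, not installed versions, and are skipped.
def audit_lockfile(text)
  hits = []
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A {2}specs:\s*\z/)
      in_specs = true
      next
    end
    in_specs = false if line.match?(/\A\S/) # new top-level section
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/)
    next unless m && FLAGGED.key?(m[1])
    exact = FLAGGED[m[1]].include?(m[2])
    hits << [m[1], m[2], exact ? :known_malicious : :name_match_review]
  end
  hits
end

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-wallet (1.2.0)
        ruby-bitcoin (>= 0.0.1)
      pretty_color (0.8.1)
      rake (13.0.1)
      ruby-bitcoin (0.0.19)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-wallet
    pretty_color
    rake
LOCK

audit_lockfile(SAMPLE_LOCK).each { |hit| puts hit.inspect } if __FILE__ == $0
```

A `:name_match_review` result means the name matches but the version is not one the article lists, so it is a prompt for manual review rather than a confirmed finding.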