Malicious RubyGems packages used in cryptocurrency supply chain attack (Security News, December 2020)

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
Because anyone can upload a gem to the RubyGems repository, threat actors can publish malicious packages there in the hope that another developer will integrate one into their program.
If a large project integrates the malicious package, the result is a supply chain attack that reaches that project's many downstream users.
The malicious packages are named 'pretty_color-0.8.1.gem' and 'ruby-bitcoin-0.0.20.gem' and contain a malicious Ruby script that creates VBS scripts that act as clipboard hijackers.
The Ruby script includes a comment containing a shoutout to Reversing Labs' Tomislav Maljic, who previously discovered 760 malicious Ruby packages that also performed clipboard hijacking.
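As an added example (not code from the article or from the packages it describes), the script below audits a project's Gemfile.lock for the two gem names and versions named in the report, flagging an exact name-and-version match as known malicious and any other version of the same name for review. The gem name is assumed to be `pretty_color` in RubyGems form; the lockfile text is a constructed sample.

```ruby
# Indicators taken from the report: malicious gem name => malicious version.
# 'pretty_color' assumed to be the RubyGems form of the package name.
MALICIOUS_GEMS = {
  'pretty_color' => '0.8.1',
  'ruby-bitcoin' => '0.0.20'
}.freeze

# Parse the "specs:" section of a Gemfile.lock into { name => version }.
# Only top-level spec lines (4-space indent, "name (version)") are taken;
# dependency lines are indented 6 spaces and are skipped.
def parse_lockfile(text)
  specs = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /^  specs:/
      in_specs = true
      next
    end
    in_specs = false if in_specs && line =~ /^\S/   # next top-level section
    next unless in_specs
    specs[$1] = $2 if line =~ /^    ([^\s(]+) \(([^)]+)\)/
  end
  specs
end

# Return findings: exact name+version matches from the report are
# :known_malicious; the same name at another version is :review.
def audit(specs)
  specs.each_with_object([]) do |(name, version), findings|
    next unless MALICIOUS_GEMS.key?(name)
    level = MALICIOUS_GEMS[name] == version ? :known_malicious : :review
    findings << { gem: name, version: version, level: level }
  end
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pretty_color (0.8.1)
        colorize (>= 0.8)
      colorize (0.8.1)
      ruby-bitcoin (0.0.19)
      rake (13.0.6)

  PLATFORMS
    ruby
LOCK

if __FILE__ == $0
  audit(parse_lockfile(SAMPLE_LOCK)).each { |f| puts "#{f[:level]}: #{f[:gem]} #{f[:version]}" }
end
```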