Security News > 2020 > December > Malicious RubyGems packages used in cryptocurrency supply chain attack
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
As anyone can upload a Gem to the RubyGems repository, it allows threat actors to upload malicious packages to the repository in the hopes that another developer will integrate it into their program.
If a large project integrates the malicious package, it will create a supply chain attack with a wide distribution to many users.
The malicious packages are named 'pretty color-0.8.1.gem' and 'ruby-bitcoin-0.0.20.gem' and contain a malicious Ruby script that creates VBS scripts that act as clipboard hijackers.
The Ruby script includes a comment containing a shoutout to Reversing Labs' Tomislav Maljic, who previously discovered 760 malicious Ruby packages that also performed clipboard hijacking.
News URL
Related news
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)