Security News > 2020 > December > Malicious RubyGems packages used in cryptocurrency supply chain attack

New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
Because anyone can upload a gem to the RubyGems repository, threat actors can publish malicious packages there in the hope that another developer will integrate one into their program.
If a large project integrates the malicious package, the result is a supply chain attack with wide distribution to many users.
The malicious packages are named 'pretty_color-0.8.1.gem' and 'ruby-bitcoin-0.0.20.gem'. Each contains a malicious Ruby script that creates VBS scripts that act as clipboard hijackers.
The Ruby script includes a comment containing a shoutout to ReversingLabs' Tomislav Maljic, who previously discovered 760 malicious Ruby packages that also performed clipboard hijacking.
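To check whether a project resolved either release, the following added example (not code from the article or from RubyGems) parses Gemfile.lock text and reports any locked gem matching the two names and versions above, using the gem name pretty_color as published on RubyGems. The helper names and the sample lockfile are constructed for illustration.

```ruby
# Added example: flag the two gem releases named in the article in a Gemfile.lock.
# FLAGGED holds only the names and versions the article reports.
FLAGGED = {
  "pretty_color" => ["0.8.1"],
  "ruby-bitcoin" => ["0.0.20"],
}.freeze

# Return [[name, version], ...] for every resolved spec in Gemfile.lock text.
# Resolved specs are indented four spaces under a "specs:" header; lines
# indented six spaces are dependency constraints and are skipped.
def locked_specs(lock_text)
  specs = []
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.strip.empty?
      in_specs = false # a new section header or a blank line ends the spec list
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))
      specs << [m[1], m[2]]
    end
  end
  specs
end

# Select locked specs whose name and version are flagged. A platform suffix
# such as "-x86_64-linux" is dropped before the version comparison.
def flagged_gems(lock_text, flagged = FLAGGED)
  locked_specs(lock_text).select do |name, version|
    flagged.fetch(name, []).include?(version.split("-").first)
  end
end

# Constructed sample lockfile: one flagged release, one unflagged version.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pretty_color (0.8.1)
      rake (13.0.1)
      ruby-bitcoin (0.0.19)
      thor (1.0.1)
        rake (>= 12.0)

  DEPENDENCIES
    pretty_color
    rake
LOCK

flagged_gems(SAMPLE_LOCK).each { |n, v| warn "flagged gem locked: #{n} #{v}" }
```

In a real project, pass `File.read("Gemfile.lock")` to `flagged_gems`; a non-empty result means the lockfile pins one of the reported releases.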