Security News > 2020 > December > Malicious RubyGems packages used in cryptocurrency supply chain attack
New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
As anyone can upload a Gem to the RubyGems repository, it allows threat actors to upload malicious packages to the repository in the hopes that another developer will integrate it into their program.
If a large project integrates the malicious package, it will create a supply chain attack with a wide distribution to many users.
The malicious packages are named 'pretty color-0.8.1.gem' and 'ruby-bitcoin-0.0.20.gem' and contain a malicious Ruby script that creates VBS scripts that act as clipboard hijackers.
The Ruby script includes a comment containing a shoutout to Reversing Labs' Tomislav Maljic, who previously discovered 760 malicious Ruby packages that also performed clipboard hijacking.