Security News > 2020 > December > Two Malware-Laced Gems Found in RubyGems Repository
Two Ruby gems that were found to pack malware capable of running persistently on infected machines were removed recently from the RubyGems hosting service.
The two gems, pretty color and ruby-bitcoin, contained malware that was targeting Windows machines and which was meant to replace any cryptocurrency wallet address in the clipboard with an attacker-supplied one.
While analyzing the two gems, software development and security firm Sonatype discovered that pretty color contained legitimate files from colorize, a trusted open source component, which made detection more difficult.
The ruby-bitcoin gem, Sonatype's security researchers explain, only includes the malicious code present in the version.
A plain-text variant of the malicious script used in these gems was found on GitHub under an unrelated account, suggesting a possible connection to WannaCry.