This article was published on August 22, 2019

Cryptojacking malware found in 11 RubyGem language repositories

Ruby, ruby, ruby, ruby


Cryptojacking malware found in 11 RubyGem language repositories

Malware designed to surreptitiously infect victims’ computer systems and mine cryptocurrency on behalf of hackers has been found in 11 code libraries on programming language manager RubyGems.

Hackers exploited RubyGems – a package manager for the Ruby programming language that devs use to upload and distribute new versions of software – by downloading Ruby libraries, adding the malicious code, and re-uploading them under new names Decrypt reports.

Thousands have been exposed to the malicious code, although the exact number remains unclear. It’s also not statedt if hackers have been able to commandeer and cryptocurrency through this specific exploit.

GitHub user Juskoljo released details of the attack on GitHub. It appears that compromised RubyGem accounts were used by hackers to gain access to the libraries and carry out their attack.

Five of the 11 Ruby code libraries affected were apparently related to cryptocurrency and had names such as, doge_coin, coin_base, and blockchain_wallet.

The libraries masquerading as coin_base and blockchain_wallet were downloaded the most, with 424 and 423 downloads, respectively, since they were uploaded in early July. One can only hope that those who downloaded the infected libraries, noticed and removed them from their system.

According to research from internet security firm SonicWall, unsuspecting victims were crypto-jacked more than 52 million times over the first half of 2019.

The study also found that crypto-jacking attempts actually increased in the first half of the year when compared to the last six months of 2018.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with