https://decrypt.co/26025/rubygems-bitcoin-stealing-software-reversinglabs
By Mathew Di Salvo decrypt.co April 18, 2020 A cybersecurity firm discovered that over 700 libraries of the popular programming language, Ruby, contained malicious Bitcoin-stealing software. ReversingLabs, based in Cambridge, Massachusetts, disclosed its findings in a blog post on Thursday. Back in February, it wrote, hackers placed malicious files inside a package manager called RubyGems—which is usually used to upload and share improvements on existing pieces of software. The hackers were trying to trick developers into downloading malware by using a method called “typosquatting”, which consists of uploading malicious packages with similar names to regular ones. By just changing a few characters of a file name, the hope was that a developer would mistakenly download an infected package—unwittingly providing the hacker with access to their system. Once inside, the malware executed a malicious script that starts an infinite loop to capture a user’s clipboard data—with the goal of redirecting all potential cryptocurrency transactions to their wallet address. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
