
Bitcoin Thief Infected Over 700 Libraries of a Major Programming Language

By geostima | CryptoAssetMan | 22 Apr 2020


Long story short: a few days ago, the cybersecurity firm ReversingLabs (https://www.reversinglabs.com/) revealed an attack that targeted Ruby developers who also happen to be crypto enthusiasts and who use Windows as their operating system of choice.

An in-depth analysis showed that over 700 libraries, containing many highly used files, were infected with malicious software. The hackers pulled this off by injecting malicious files into packages managed by the RubyGems application, which is comparable to the Node package manager (npm) used in web development.

These packages are meant to upgrade, scale, or improve web application projects, and because there are so many of them, one can never be too trusting...

The attack itself involved a method known as "typosquatting", in which a package is given a name similar to that of another well-known plugin, tricking users into downloading the malicious files contained within the "fake" package.

Once infected, the user's activity was tracked in a similar fashion to how trojans and keyloggers work.

Any cryptocurrency transactions would be noted and the hackers would redirect transactions to their own wallet addresses instead.

The attack, however, was reportedly a complete failure: no cryptocurrency was stolen (at least for the time being), because it was quickly discovered and investigated by both parties involved. ReversingLabs to the rescue!

RubyGems developers have, in light of the report, checked and removed all malicious files from their repositories, but since this requires manual verification of each and every file, this issue could arise again in the future if a more preventive method is not put in place.

How would developers go about preventing such an attack in the future? It is a question worth asking...
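One preventive check a team can run before installing dependencies, shown here as an added example that is not from the article or from RubyGems: compare the gem names in a Gemfile against an allowlist of vetted gems and flag near-misses. The allowlist, the sample Gemfile and the look-alike names in it are constructed for illustration.

```ruby
# Assumed allowlist of vetted gem names; a real one would come from your own review.
TRUSTED = %w[rails nokogiri devise rspec rest-client].freeze

# Classic Levenshtein distance (insert, delete, substitute), row by row.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    curr = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      curr << [prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = curr
  end
  prev.last
end

# Treat "-" and "_" as interchangeable, a common source of look-alike names.
def normalize(name)
  name.downcase.delete('-_')
end

# Returns { declared_name => trusted_name_it_resembles } for names that are NOT
# on the allowlist but sit within max_distance edits of an allowlisted name.
def typosquat_candidates(declared, trusted: TRUSTED, max_distance: 1)
  declared.each_with_object({}) do |name, hits|
    next if trusted.include?(name)
    match = trusted.find do |t|
      normalize(t) == normalize(name) || edit_distance(t, name.downcase) <= max_distance
    end
    hits[name] = match if match
  end
end

# Pull gem names out of Gemfile-style lines: gem "name" or gem 'name'.
def gem_names(gemfile_text)
  gemfile_text.scan(/^\s*gem\s+["']([^"']+)["']/).flatten
end

# Constructed sample input: two look-alikes, one exact match, one unrelated gem.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails"
  gem "nokogirl"
  gem 'rest_client'
  gem "pg"
GEMFILE

typosquat_candidates(gem_names(SAMPLE_GEMFILE)).each { |n, t| puts "#{n} resembles #{t}" }
```

A flagged name is only a prompt for manual review, since legitimate gems can have similar names; unrelated names such as `pg` pass through because they are not close to anything on the allowlist.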
