
Two Rubygems Infected With Crypto-Stealing Feature Malware Spotted by Researchers

News Feed - 2020-12-19 06:12:08



New infected Rubygems packages have been spotted in the open-source software repository. They contained malicious code used mainly to steal cryptocurrencies from users via a supply chain attack.

Two Cryptocurrency-Stealers Rubygems Detected by Researchers at Sonatype


According to Ax Sharma, a security researcher at Sonatype, the two gems detected (pretty_color and ruby-bitcoin) carried malware that ran the attack on Windows machines and replaced any bitcoin (BTC), ethereum (ETH), or monero (XMR) wallet addresses found on the victim’s clipboard with the attackers’ own.


Rubygems is a package manager for the Ruby programming language that allows developers to integrate code developed by other people. Anyone can upload a “gem” to the repository, which in some way opens the door for threat actors to upload their malicious packages.


The researcher further explained how the attack operates: “This means if a user who had mistakenly installed either of these gems was to copy-paste a bitcoin recipient wallet address somewhere on their system, the address would be replaced with that of the attacker, who’d now receive the bitcoins.”


An analysis by the Sonatype Security Research team found that the clipboard hijacker deployed in the supply chain attack creates separate malicious scripts, contained in VBS files, and quietly changes the wallet address. Unless the victim double-checks the address after pasting it, the swap goes unnoticed.
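The behaviour described above (a gem that drops VBS scripts, touches the clipboard and deals in wallet addresses) can be turned into a first-pass triage of an unpacked gem before it is installed. The following Ruby sketch is an added example, not Sonatype's tooling or code from the article; the patterns, verdict names and sample fragments are assumptions constructed for illustration.

```ruby
# Added example: heuristic triage of gem source for the behaviour the article
# reports. Patterns and verdict names are assumptions of this example.
INDICATORS = {
  vbs_file:    /\.vbs\b/i,                  # writes or launches a VBS script
  script_host: /\b[wc]script(\.exe)?\b/i,   # Windows Script Host invocation
  clipboard:   /clipboard/i,                # any clipboard access
  btc_address: /\b(?:bc1[a-z0-9]{20,}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b/,
  eth_address: /\b0x[0-9a-fA-F]{40}\b/,
  xmr_address: /\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b/,
}.freeze

# Names of every indicator that matches the given source text.
def scan_source(text)
  INDICATORS.select { |_name, pattern| text.match?(pattern) }.keys
end

# Clipboard access is only alarming in combination with a dropped script or a
# hard-coded wallet address; either of those alone is worth a manual look.
def verdict(hits)
  wallet = hits.any? { |h| h.to_s.end_with?("_address") }
  script = hits.include?(:vbs_file) || hits.include?(:script_host)
  return :suspicious if hits.include?(:clipboard) && (wallet || script)
  return :review if wallet || script
  :clean
end

# Scan the Ruby sources of an unpacked gem (e.g. after `gem unpack NAME`).
def scan_gem_dir(dir)
  Dir.glob(File.join(dir, "**", "*.{rb,rake,gemspec}")).sort.to_h do |path|
    [path, verdict(scan_source(File.binread(path)))]
  end
end

# Constructed, inert fragments standing in for gem source files.
SAMPLE_SUSPECT = <<~'SRC'
  File.write(File.join(dir, "helper.vbs"), payload)
  system("wscript.exe", File.join(dir, "helper.vbs"))
  # payload: poll the clipboard, match wallet addresses, substitute
SRC
SAMPLE_BENIGN = <<~'SRC'
  def red(text) = "\e[31m#{text}\e[0m"
SRC

if __FILE__ == $PROGRAM_NAME
  { "suspect" => SAMPLE_SUSPECT, "benign" => SAMPLE_BENIGN }.each do |name, src|
    hits = scan_source(src)
    puts "#{name}: #{verdict(hits)} #{hits.inspect}"
  end
end
```

A `:review` or `:suspicious` verdict is a prompt for manual inspection, not proof of compromise; a legitimate gem may ship a donation address or a Windows helper script.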


Supply Chain Attacks: A Growing Concern


Sharma also warned about the growing trend of supply chain attacks so far in 2020, considering it a “bigger concern.”


According to Sonatype’s 2020 State of the Software Supply Chain report, there was a 430% increase in upstream software supply chain attacks over the past year, making it “virtually impossible” to chase and keep track of such components manually.


Sonatype’s Sharma adds: “Of all activities a ransomware group may conduct on a compromised system, replacing bitcoin wallet address on the clipboard feels more akin to a trivial mischief by an amateur threat actor than to a sophisticated ransomware operation. However, this coincidence does raise a bigger concern, considering how rampant software supply chain attacks have been in 2020.”


Will we see a leading role in crypto-related supply chain attacks in 2021?

