Skip to main content

Two Rubygems Infected With Crypto-Stealing Feature Malware Spotted by Researchers

 


New infected Rubygems packages have been spotted in its open-source software repository and which contained malicious code mainly used to steal cryptocurrencies from users via supply chain attack.

Two Cryptocurrency-Stealers Rubygems Detected by Researchers at Sonatype

According to Ax Sharma, a security researcher at Sonatype, the two gems detected — pretty_color and ruby-bitcoin — had malware that deployed the attack on Windows machines and replaced any bitcoin (BTC), ethereum (ETH), or monero (XMR) wallet addresses found on the victim’s clipboard by the attackers’ ones.

Rubygems is a package manager for the Ruby programming language that allows developers to integrate code developed by other people. Anyone can upload a “gem” to the repository, open in some way the doors for threat actors to upload their malicious packages.

The researcher explained further about how the attack operates:

This means if a user who had mistakenly installed either of these gems was to copy-paste a bitcoin recipient wallet address somewhere on their system, the address would be replaced with that of the attacker, who’d now receive the bitcoins.

During an analysis conducted by the Sonatype Security Research team, it was detected that unless the victim double-checks the wallet address after they paste it, the clipboard hijacker deployed during the supply chain attack will quietly change the address by creating separate malicious scripts contained in VBS files.

Supply Chain Attacks: A Growing Concern

Sharma also warned on the growing trend that supply chain attacks have so far in 2020, considering it a “bigger concern.”

According to Sonatype’s 2020 State of the Software Supply Chain report, there was a 430% increase in upstream software supply chain attacks over the past year, making it “virtually impossible” to chase and keep track of such components manually.

Sonatype’s Sharma adds:

Of all activities a ransomware group may conduct on a compromised system, replacing bitcoin wallet address on the clipboard feels more akin to a trivial mischief by an amateur threat actor than to a sophisticated ransomware operation. However, this coincidence does raise a bigger concern, considering how rampant software supply chain attacks have been in 2020.

Source: news.bitcoin.com


Comments

Post a Comment

Contact us

Name

Email *

Message *

Popular posts from this blog

Cryptocurrencies Adding to the Safety and Security in the UK Gambling Industry

These are exciting times for the UK gambling industry. The impact of internet technology is now being felt with online gambling now controlling the industry.  The adoption of cutting-edge technology is reasonable for the boom in the industry. From live casinos, mobile apps to artificial intelligence, incredible trends continue shaping the gambling industry. However, it is the rise of cryptocurrency casinos that seeks to redefine UK gambling.  Many operators now include crypto coins such as bitcoin, Ethereum and Litecoin as part of their banking methods. Others offer exclusive bitcoin payments and promotions based on digital tokens. This revolutionary trend has a huge impact due to enhanced safety and security on these platforms. Players looking for peace of mind when playing online now opt to use cryptocurrencies. This post looks at how cryptos guarantee the safety and security of players at online casinos. How Cryptocurrency Gambling Works There’s a lot of talk ab...
Post a Comment
Read more

Coinbase to Require Recipient Information for Crypto Transfers From Users in Canada, Singapore and Japan

  Customers in those countries who send crypto outside their Coinbase accounts must provide recipients’ names, addresses and in some cases, additional information, as of early April. Cryptocurrency exchange Coinbase Global (COIN) will soon require its customers in Canada, Japan and Singapore who send cryptocurrency to another financial institution or exchange to provide the name, address and in the case of Japan, the destination wallet of the recipient. Coinbase has been sending notices to its customers in those countries that the changes will take effect in early April in order to comply with local travel rules in those places. Coinbase didn't immediately respond to requests for additional comment on the moves, but confirmed that they were taking place. The move  does not seem to be going over well  with Coinbase customers in those countries, who value the anonymity of transactions using cryptocurrency. According to a  FAQ provided by Coinbase , for Canadian users, ...
Post a Comment
Read more

Quomodocunquize

                                       Definition:  " To make money in any way possible . ” Example:  Rather than quomodocunquizing,  invest your money wisely . Please, please, please use a hardware cold wallet like Ledger . It's  a  cold wallet ,  cold  =  not exposed  to  internet  =  only your hardware device . ...  Use Ledger  as  cold storage . Too many people spend money they earned..to buy things they don't want..to impress people that they don't like. --Will Rogers A wise person should have money in their head, but not in their heart. --Jonathan Swift Wealth consists not in having great possessions, but in having few wants. --Epictetus Money often costs too much. --Ralph Waldo Emerson Everyday is a bank account, and time is our currency. No one is rich, no one is poor, we've got 24 hours each. --Christopher...
Post a Comment
Read more