crypto wallet, Cryptocurrency Security, cryptocurrency wallet, cybersecurity, hijack, Protection, Security, security analysis, security breach, Supply Chain, wallet address

New infected Rubygems packages have been spotted in its open-source software repository and which contained malicious code mainly used to steal cryptocurrencies from users via supply chain attack.

Two Cryptocurrency-Stealers Rubygems Detected by Researchers at Sonatype

According to Ax Sharma, a security researcher at Sonatype, the two gems detected — pretty_color and ruby-bitcoin — had malware that deployed the attack on Windows machines and replaced any bitcoin (BTC), ethereum (ETH), or monero (XMR) wallet addresses found on the victim’s clipboard by the attackers’ ones.

Rubygems is a package manager for the Ruby programming language that allows developers to integrate code developed by other people. Anyone can upload a “gem†to the repository, open in some way the doors for threat actors to upload their malicious packages.

The researcher explained further about how the attack operates:

During an analysis conducted by the Sonatype Security Research team, it was detected that unless the victim double-checks the wallet address after they paste it, the clipboard hijacker deployed during the supply chain attack will quietly change the address by creating separate malicious scripts contained in VBS files.

Supply Chain Attacks: A Growing Concern

Sharma also warned on the growing trend that supply chain attacks have so far in 2020, considering it a “bigger concern.â€

According to Sonatype’s 2020 State of the Software Supply Chain report, there was a 430% increase in upstream software supply chain attacks over the past year, making it “virtually impossible†to chase and keep track of such components manually.

Sonatype’s Sharma adds:

Will we see a leading role in crypto-related supply chain attacks in 2021? Let us know in the comments section below.

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.

Du lịch nhật bản, hướng dẫn du lịch Nhật và đánh giá địa điểm Nhật Bản Japan travel news, japan travel guides, japan holiday destinations and japan reviews

RELATED NEWS

Cybersecurity Firm Spots a Crypto Stealer Distributed Through a Massive Email Spam Campaign and Discord Channels

A crypto stealer seems to have spread through a massive spam campaign across several countries, including the United States, Australia, Japan, and Germany. The malware dubbed “Panda Stealer†has been spotted by a cybersecurity company. It is reportedly also distributed on Discord channels. Malware Can Also Steal Data From Telegram and Discord Apps According to […]

Xem chi tiết: Cybersecurity Firm Spots a Crypto Stealer Distributed Through a Massive Email Spam Campaign and Discord Channels

Biden Economics: US Jobs Report Lackluster, Unemployment Extensions Hammer Supply Chain, Americans Want More Stimulus

Recent headlines in numerous publications claim the U.S. economy is set for rapid expansion and a “post Covid boom†thanks to Joe Biden’s economic plans. However, contradicting reports identify certain struggling elements, such as the supply chain, which have been ravaged by bureaucratic mandates, and suggest a bleaker circumstance entirely. Biden Administration Scrambles After a […]

Xem chi tiết: Biden Economics: US Jobs Report Lackluster, Unemployment Extensions Hammer Supply Chain, Americans Want More Stimulus

Researchers Spot New Cryptocurrency Stealing Malware Advertised Under a Subscription Model

A cryptocurrency-related malware program has been advertised on darknet forums as the “leading way to make money in 2021,†raising alarms among the cybersecurity community. Palo Alto Networks published a report on the malicious app Westeal, detailing the author’s ties with other types of malware that steals major streaming services accounts. Westeal Claims to Be […]

Xem chi tiết: Researchers Spot New Cryptocurrency Stealing Malware Advertised Under a Subscription Model

Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected

A cryptocurrency exchange with about 2 million users worldwide announced that it has “suffered a serious cyber attack.†A number of basic services are paralyzed and the attacker tried to access the exchange’s wallets. Consequently, the platform has shut down, stating that it needs to perform a “comprehensive inspection†which is expected to last one […]

Xem chi tiết: Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected

Intel Partners With Microsoft to Combat Cryptojacking Attacks by Deploying a Threat Detection Tool

Although recent studies have been showing a slowdown in cryptojacking activities, especially the ones related to mining privacy coins, Intel remains on the hunt to crackdown on such activities. The tech giant has partnered with Microsoft to deploy a campaign that strengthens cryptojacking detection with new technologies. Tool Could Trigger Multiple Detectors to Halt Any […]

Xem chi tiết: Intel Partners With Microsoft to Combat Cryptojacking Attacks by Deploying a Threat Detection Tool

Cryptojacking Activity Decreased for the First Time Since 2018, Says Intelligence Report

Cryptojacking activity seems to be losing momentum, specifically types that mine monero, as a recent report unveiled a slowdown in the illicit crypto-mining activities in the cloud. A threat intelligence firm compiled the results. Report Focused on Cryptojacking Incidents With Monero According to Unit 42 in their “Cloud Thread Report,†cryptojacking attacks have been decreasing […]

Xem chi tiết: Cryptojacking Activity Decreased for the First Time Since 2018, Says Intelligence Report

Study Finds Cryptocurrency Scams Surged 40% in 2020, Forecasts an Increase of 75% in 2021

A new study revealed that cryptocurrency-related scams almost doubled over the last year. However, forecasts are not optimistic going forward, as the report forecasts another significant increase in the number of cases in 2021. Research Scanned Over 300 Million Websites According to the “Cryptocurrency Scam Report†published by fraud prevention company Bolster and shared with […]

Xem chi tiết: Study Finds Cryptocurrency Scams Surged 40% in 2020, Forecasts an Increase of 75% in 2021

Individual Detained in Romania Under Suspicion of Stealing Thousands of Cryptos From an Unnamed Major Exchange

Romanian authorities pursued an operation that left a person detained for the individual’s alleged involvement in a case of stealing from a cryptocurrency exchange. The investigation revealed that the unnamed trading platform company is located in the Cayman Islands. Over $620,000 Stolen During the Cyberattack According to the prosecutors of the Directorate for the Investigation […]

Xem chi tiết: Individual Detained in Romania Under Suspicion of Stealing Thousands of Cryptos From an Unnamed Major Exchange

Indictment Order Issued Against Leaders of the Geek Group for Their Role Using BTC in an Illegal Money Transmission Business

Cyber Criminals Are Now Hiding Their Stolen Cryptos 13x Faster, Says Report

Japanese Authorities Say the Majority of People Involved in Coincheck’s 2018 Hack Are Individuals With ‘High Social Status’

Study: Top-Tier Cryptocurrency Exchanges Increased Their Market Share by 13% Since October 2020

Belgium Energy Minister’s Twitter Account Hacked- Fake Ethereum Giveaway Advertised

Elon Musk Shoots Down Crypto Wallet App Freewallet After It Tried to Ride His Dogecoin Fame

Crypto Portfolio Tracking App Apologizes for Racist Messages Sent to Customers- Investigations Underway

Bitcoin Marketplace Keepchange Suffers Data Breach — No Funds Stolen During the Incident

Other Articles