New malicious RubyGems packages have been spotted in the open-source software repository; they contained code used mainly to steal cryptocurrency from users via a supply chain attack.
Two Cryptocurrency-Stealing Rubygems Detected by Researchers at Sonatype
According to Ax Sharma, a security researcher at Sonatype, the two gems detected — pretty_color and ruby-bitcoin — carried malware that deployed the attack on Windows machines and replaced any bitcoin (BTC), ethereum (ETH), or monero (XMR) wallet address found on the victim's clipboard with the attackers' own.
Rubygems is a package manager for the Ruby programming language that allows developers to integrate code developed by other people. Anyone can upload a "gem" to the repository, which to some extent opens the door for threat actors to upload their malicious packages.
The researcher explained further about how the attack operates:
During an analysis conducted by the Sonatype Security Research team, it was detected that unless the victim double-checks the wallet address after they paste it, the clipboard hijacker deployed during the supply chain attack will quietly change the address by creating separate malicious scripts contained in VBS files.
Supply Chain Attacks: A Growing Concern
Sharma also warned of the growing trend of supply chain attacks so far in 2020, calling it a "bigger concern."
According to Sonatype's 2020 State of the Software Supply Chain report, there was a 430% increase in upstream software supply chain attacks over the past year, making it "virtually impossible" to chase and keep track of such components manually.
Sonatype's Sharma adds:
Will we see a leading role in crypto-related supply chain attacks in 2021? Let us know in the comments section below.
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.