Malicious Gems Steal User’s Cryptocurrency


Open-source security firm Sonatype reported that new malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.

RubyGems is a package manager for the Ruby programming language that allows developers to download and integrate code developed by other people into their programs. Because anyone can upload a gem to the RubyGems repository, threat actors can upload malicious packages in the hope that another developer will integrate them into a program.

The newly discovered malicious RubyGems packages install a clipboard hijacker. These packages masquerade as a bitcoin library and a library for displaying strings with different color effects.

A clipboard hijacker monitors the Windows clipboard for cryptocurrency addresses, and if one is detected, replaces it with an address under the attacker’s control. Unless a user double-checks the address after they paste it, the sent coins will go to the attacker’s cryptocurrency address instead of the intended recipient.

The malicious packages are named ‘pretty_color-0.8.1.gem’ and ‘ruby-bitcoin-0.0.20.gem’ and contain a malicious Ruby script that creates VBS scripts that act as clipboard hijackers.

The ruby-bitcoin-0.0.20.gem package was added to RubyGems on December 7th and had 81 downloads. The pretty_color-0.8.1.gem package was added on December 13th and had 61 downloads. Both packages were removed by RubyGems the day after they were added to the repository. At this time, none of the cryptocurrency addresses have received any funds.
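
To check whether a project resolved either of the gem versions named above, the following added example (not code from Sonatype, RubyGems, or this article's author) scans a `Gemfile.lock` for them. The function name, the hand-written lockfile parsing, and the sample lockfile are assumptions constructed for illustration.

```ruby
require "set"

# Name/version pairs taken from the article text.
FLAGGED = Set[["pretty_color", "0.8.1"], ["ruby-bitcoin", "0.0.20"]].freeze

# Resolved gems in a Gemfile.lock sit at exactly four spaces of indent as
# "name (version)"; deeper lines are dependency constraints, not installs.
SPEC_LINE = /\A {4}(?<name>[A-Za-z0-9._-]+) \((?<version>[^)\s]+)\)\s*\z/

# Returns [[name, version, line_number], ...] for each flagged resolved gem.
def find_flagged_gems(lockfile_text)
  hits = []
  in_specs = false
  lockfile_text.each_line.with_index(1) do |line, lineno|
    line = line.chomp
    if line =~ /\A {2}specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ || line.empty?
      in_specs = false # a new top-level section or a blank line ends specs
    elsif in_specs && (m = SPEC_LINE.match(line))
      # Drop a platform suffix such as "0.8.1-x64-mingw32" before comparing.
      version = m[:version].split("-").first
      hits << [m[:name], version, lineno] if FLAGGED.include?([m[:name], version])
    end
  end
  hits
end

# Constructed sample lockfile (hypothetical project, not from the article).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      colorize (0.8.1)
      pretty_color (0.8.1)
      rake (13.0.1)
      wallet-helper (1.0.0)
        ruby-bitcoin (= 0.0.20)
      ruby-bitcoin (0.0.20)

  DEPENDENCIES
    pretty_color
LOCK

if __FILE__ == $PROGRAM_NAME
  find_flagged_gems(SAMPLE_LOCK).each do |name, version, lineno|
    puts "line #{lineno}: #{name} #{version} matches a gem named in the report"
  end
end
```

A match means the flagged version was resolved for the project; matching on name and version together keeps unrelated gems that share a version number, such as `colorize (0.8.1)` in the sample, from being reported.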


By Hrithik Lall
