Information Security News mailing list archives

Bitcoin stealer infected 700+ libraries of major programming language


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 20 Apr 2020 10:13:06 +0000 (UTC)

https://decrypt.co/26025/rubygems-bitcoin-stealing-software-reversinglabs

By Mathew Di Salvo
decrypt.co
April 18, 2020

A cybersecurity firm discovered that over 700 libraries of the popular
programming language, Ruby, contained malicious Bitcoin-stealing software.

ReversingLabs, based in Cambridge, Massachusetts, disclosed its findings in a
blog post on Thursday. Back in February, it wrote, hackers placed malicious
files inside a package manager called RubyGems—which is usually used to upload
and share improvements on existing pieces of software.

The hackers were trying to trick developers into downloading malware by using a
method called “typosquatting”, which consists of uploading malicious packages
with similar names to regular ones. By just changing a few characters of a file
name, the hope was that a developer would mistakenly download an infected
package—unwittingly providing the hacker with access to their system.

Once inside, the malware executed a malicious script that starts an infinite
loop to capture a user’s clipboard data—with the goal of redirecting all
potential cryptocurrency transactions to their wallet address.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
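
Added example, not part of the original article or the ReversingLabs post: a defender-side check for the typosquatting technique the article describes, flagging dependency names that are one edit (or a swapped separator) away from a trusted gem name. The trusted list and the sample dependency names are constructed for illustration.

```ruby
# Trusted gem names a team expects to depend on (constructed allowlist).
KNOWN_GOOD = %w[rails nokogiri rspec-core devise sidekiq].freeze

# Optimal string alignment distance: insertion, deletion, substitution and
# transposition of two adjacent characters each cost one edit.
def osa_distance(a, b)
  d = Array.new(a.size + 1) { |i| [i] + [0] * b.size }
  (0..b.size).each { |j| d[0][j] = j }
  (1..a.size).each do |i|
    (1..b.size).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.size][b.size]
end

# Ignore case and treat '_' and '-' as the same separator, so that
# "rspec_core" is compared as a look-alike of "rspec-core".
def normalize(name)
  name.downcase.tr('_', '-')
end

# Returns { dependency => trusted name it resembles } for every dependency
# that is not on the trusted list but is within max_distance edits of one.
def suspicious_names(dependencies, known: KNOWN_GOOD, max_distance: 1)
  dependencies.each_with_object({}) do |dep, hits|
    next if known.include?(dep) # exact match: trusted
    norm = normalize(dep)
    match = known.find do |good|
      target = normalize(good)
      norm == target || osa_distance(norm, target) <= max_distance
    end
    hits[dep] = match if match
  end
end

# Constructed dependency list, as it might be read from a Gemfile.
SAMPLE_DEPS = %w[rails nokogirl rspec_core devise sidkeiq puma].freeze

suspicious_names(SAMPLE_DEPS).each do |dep, good|
  puts "review before installing: '#{dep}' resembles trusted gem '#{good}'"
end
```

Names that are neither trusted nor near a trusted name (here `puma`) are not flagged, so the check complements an allowlist or lockfile review instead of replacing it.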
