Information Security News mailing list archives
Bitcoin stealer infected 700+ libraries of major programming language
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 20 Apr 2020 10:13:06 +0000 (UTC)
https://decrypt.co/26025/rubygems-bitcoin-stealing-software-reversinglabs

By Mathew Di Salvo
decrypt.co
April 18, 2020

A cybersecurity firm discovered that over 700 libraries of the popular programming language, Ruby, contained malicious Bitcoin-stealing software.

ReversingLabs, based in Cambridge, Massachusetts, disclosed its findings in a blog post on Thursday. Back in February, it wrote, hackers placed malicious files inside a package manager called RubyGems—which is usually used to upload and share improvements on existing pieces of software.

The hackers were trying to trick developers into downloading malware by using a method called “typosquatting”, which consists of uploading malicious packages with similar names to regular ones.

By just changing a few characters of a file name, the hope was that a developer would mistakenly download an infected package—unwittingly providing the hacker with access to their system.

Once inside, the malware executed a malicious script that starts an infinite loop to capture a user’s clipboard data—with the goal of redirecting all potential cryptocurrency transactions to their wallet address.

[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
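
A defender-side check for the typosquatting described in the article above, as an added example that is not part of the original post or of ReversingLabs' work: it flags Gemfile dependencies whose names are within one edit of a trusted gem name without matching it. The trusted list, the sample Gemfile and the look-alike names in it are constructed for illustration.

```ruby
# Constructed allowlist; in practice, load the gem names your team trusts.
KNOWN_GEMS = %w[rails rake rspec nokogiri devise sidekiq puma bundler].freeze

# Optimal-string-alignment distance: insert, delete, substitute, or swap
# two adjacent characters, each counted as one edit.
def edit_distance(a, b)
  d = Array.new(a.length + 1) { |i| [i] + [0] * b.length }
  (0..b.length).each { |j| d[0][j] = j }
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.length][b.length]
end

# Separator and case changes are folded away before comparing.
def normalize(name)
  name.downcase.delete('-_')
end

# Gem names declared in Gemfile text (simple `gem "name"` lines only).
def gem_names(gemfile_text)
  gemfile_text.scan(/^\s*gem\s+["']([^"']+)["']/).flatten
end

# Maps each unknown dependency to the known gem it closely resembles.
def suspicious_gems(dependencies, known = KNOWN_GEMS, max_distance: 1)
  dependencies.each_with_object({}) do |dep, hits|
    next if known.include?(dep)
    match = known.find { |k| edit_distance(normalize(dep), normalize(k)) <= max_distance }
    hits[dep] = match if match
  end
end

# Constructed sample input: "nokogirl" and "r-spec" are made-up look-alikes.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails"
  gem "nokogirl"
  gem "r-spec"
  gem "sidekiq"
  gem "dotenv"
GEMFILE
puts suspicious_gems(gem_names(SAMPLE_GEMFILE)).inspect if __FILE__ == $PROGRAM_NAME
```

A flagged name is a prompt for manual review before installation, not proof of malice; legitimate gems can sit one edit away from each other.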