Two new malicious packages found in the open-source Rubygems repository contain code built to steal cryptocurrency from users through a software supply chain attack.
Two Cryptocurrency-Stealing Rubygems Detected by Sonatype Researchers
According to Ax Sharma, a security researcher at Sonatype, the two gems detected, pretty_color and ruby-bitcoin, carried malware that ran on Windows machines and replaced any bitcoin (BTC), ethereum (ETH), or monero (XMR) wallet address found on the victim's clipboard with one belonging to the attackers.
Rubygems is the package manager for the Ruby programming language; it lets developers pull in code written by other people. Anyone can upload a "gem" to the repository, and that openness is exactly what lets threat actors publish malicious packages alongside legitimate ones.
The researcher further explained how the attack works:
This means that if a user who accidentally installed one of these gems were to copy and paste the address of a bitcoin receiver wallet somewhere on their system, the address would be replaced with that of the attacker, who would now receive the bitcoins.
An analysis by the Sonatype Security Research team found that the clipboard hijacker, which the gems deploy by creating malicious scripts contained in VBS files, swaps the address silently: unless the victim double-checks the wallet address after pasting it, nothing reveals that the funds are going to the attacker.
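To make the swap concrete, here is an added example (not code from the malicious gems or from Sonatype) of the clipboard-hijacking logic described above, next to the paste-time comparison that catches it. The regexes are this example's own assumptions about what BTC, ETH and XMR addresses look like, and every address is a constructed placeholder, not a real wallet.

```ruby
# Added illustration of clipboard address hijacking and its detection.
# Address-shape regexes and all addresses below are constructed for the
# example; none of this is code from the pretty_color or ruby-bitcoin gems.

WALLET_PATTERNS = {
  btc_legacy: /\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b/,   # P2PKH / P2SH, base58
  btc_bech32: /\bbc1[a-z0-9]{25,59}\b/,                # native segwit
  eth:        /\b0x[a-fA-F0-9]{40}\b/,                 # 20-byte hex account
  xmr:        /\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b/,  # 95-char standard address
}.freeze

# The attacker's receive address for each family (constructed placeholders).
ATTACKER_ADDRS = {
  btc_legacy: "1Attacker" + "A" * 24,
  btc_bech32: "bc1q" + "a" * 30,
  eth:        "0x" + "cd" * 20,
  xmr:        "48" + "A" * 93,
}.freeze

# The victim's own addresses (constructed placeholders).
VICTIM_ADDRS = {
  btc_legacy: "1Victim" + "B" * 26,
  btc_bech32: "bc1q" + "v" * 30,
  eth:        "0x" + "ab" * 20,
  xmr:        "44" + "V" * 93,
}.freeze

# What the hijacker does to each clipboard update: anything shaped like a
# wallet address of a supported family is replaced with the attacker's
# address of the same family; all other text passes through untouched.
def hijack_clipboard(text, attacker = ATTACKER_ADDRS)
  WALLET_PATTERNS.reduce(text) do |current, (kind, pattern)|
    current.gsub(pattern) { attacker[kind] }
  end
end

# The user-side check the article recommends, made mechanical: compare what
# you meant to copy with what actually got pasted and report every address
# family whose addresses changed. Returns an empty hash when nothing moved.
def detect_swap(copied, pasted)
  WALLET_PATTERNS.each_with_object({}) do |(kind, pattern), swapped|
    before, after = copied.scan(pattern), pasted.scan(pattern)
    swapped[kind] = { expected: before, got: after } if before != after
  end
end

# Constructed sample clipboard contents, e.g. a payment note copied from a
# wallet application.
VICTIM_CLIPBOARD = [
  "Pay 0.5 BTC to #{VICTIM_ADDRS[:btc_legacy]}",
  "or to #{VICTIM_ADDRS[:btc_bech32]}",
  "ETH: #{VICTIM_ADDRS[:eth]}",
  "XMR: #{VICTIM_ADDRS[:xmr]}",
  "Invoice #20201216 due Friday",
].join("\n")

if __FILE__ == $PROGRAM_NAME
  pasted = hijack_clipboard(VICTIM_CLIPBOARD)
  puts pasted
  detect_swap(VICTIM_CLIPBOARD, pasted).each do |kind, diff|
    puts "#{kind}: expected #{diff[:expected].first}, got #{diff[:got].first}"
  end
end
```

The word-boundary anchors keep the invoice number and other digits out of the match, which is the same reason a real hijacker can be narrow and quiet: it only ever touches strings that already look like addresses, so the victim sees a plausible address and has no visual cue that anything changed.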
Supply chain attacks: a growing concern
Sharma also warned that supply chain attacks have been a growing trend throughout 2020 and are the "bigger concern."
According to Sonatype's Software Supply Chain State Report for 2020, there was a 430% increase in attacks on the upstream software supply chain over the past year, making it "virtually impossible" to manually track and maintain such components.
Sonatype’s Sharma adds:
Of all the activities a ransomware group can perform on a compromised system, replacing the bitcoin wallet address on the clipboard feels more like a trivial ploy by an amateur threat actor than an advanced ransomware operation. However, this incident is of greater concern given the rampant attacks on the software supply chain in 2020.
Will crypto-related supply chain attacks take a leading role in 2021? Let us know in the comments below.
Image Credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or invitation to an offer to buy or sell, or a recommendation or endorsement of products, services, or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.