RubyGems have removed 18 malicious Ruby library versions
The maintainers of the RubyGems package repository have recently removed 18 malicious Ruby library versions that include a backdoor mechanism to launch cryptocurrency mining when using Ruby.
Malicious code was first discovered in four versions of the rest-client library, and rest-client is a very popular Ruby library. Malicious code in these libraries sends the URL and environment variables of the infected system to a remote server in Ukraine. The code also includes a backdoor mechanism that allows an attacker to send a cookie file back to an infected object and allow the attacker to execute malicious commands. The researchers found that this mechanism was used for mining cryptocurrency.
In addition to rest-client, there are 10 other Ruby libraries, but they are created by adding malicious code using another full-featured library and then re-uploading it on RubyGems with a new name. The researchers separately counted the number of times these malicious versions were downloaded before being removed. They were downloaded more than 3,000 times, and rest-client 1.6.13 was downloaded more than a thousand times:
rest-client: 1.6.10 (downloaded 176 times since August 13, 2019), 1.6.11 (downloaded 2 times since August 14, 2019), 1.6.12 (downloaded 3 times since August 14, 2019), and 1.6.13 (downloaded 1,061 times since August 14, 2019)
bitcoin_vanity: 4.3.3 (downloaded 8 times since May 12, 2019 )
lita_coin: 0.0.3 (downloaded 210 times since July 17, 2019)
coming-soon: 0.2.8 (downloaded 211 times since July 17, 2019)
omniauth_amazon: 1.0.1 (downloaded 193 times since July 26, 2019)
cron_parser: 0.1.4 (downloaded 2 times since July 8, 2019), 1.0.12 (downloaded 3 times since July 8, 2019), and 1.0.13 (downloaded 248 times since July 8, 2019)
coin_base: 4.2.1 (downloaded 206 times since July 9, 2019) and 4.2.2 (downloaded 218 times since July 16, 2019)
blockchain_wallet: 0.0.6 (downloaded 201 times since July 10, 2019) and 0.0.7 (downloaded 222 times since July 16, 2019)
awesome-bot: 1.18.0 (downloaded 232 times since July 15, 2019)
doge-coin: 1.0.2 (downloaded 213 times since July 17, 2019)
capistrano-colors: 0.5.5 (downloaded 175 times since August 1, 2019)
Source: ZDNet