Bootstrap-Sass is a popular Ruby gem that provides a Sass version of Bootstrap for Ruby and Ruby on Rails projects. According to ZDNet, on Wednesday developer Derek Barnes found backdoor code in version 3.2.0.3 of the library. The small piece of malicious code is shown in the image below.
When loaded into a Ruby or Ruby on Rails application, this code “would load a cookie file and execute its content.” In other words, anyone who could send an HTTP request to a site running the backdoored release could place Ruby code in a cookie and have the server execute it, which amounts to unauthenticated remote code execution. Although Bootstrap-Sass has been downloaded roughly 28 million times in total, the backdoored version was downloaded only about 1,470 times.
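The practical question for a Ruby shop reading this is whether any of its applications pulled in the bad release, and whether any installed gem contains the pattern described above (cookie data handed to eval). The following Ruby script is an added example for this article, not code from the Bootstrap-Sass project or from the incident itself: it parses a Gemfile.lock for the version named above and runs a simple heuristic over Ruby source for eval calls near cookie accesses. The lockfile and the middleware snippet are constructed samples, and the cookie/eval heuristic is an assumption about what such a backdoor looks like, not the actual payload.

```ruby
# Added example (not bootstrap-sass project code): audit a Gemfile.lock for the
# backdoored bootstrap-sass release and flag Ruby sources that evaluate cookie data.
require "set"

# Release the article identifies as backdoored; 3.2.0.4 is the clean follow-up.
BACKDOORED = { "bootstrap-sass" => Set["3.2.0.3"] }.freeze

# Parse the "specs:" block of a Gemfile.lock into { gem_name => version }.
# Gem specs sit at a 4-space indent; deeper lines are dependency constraints.
def lockfile_specs(lock_text)
  specs = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.start_with?("  specs:")
      in_specs = true
      next
    end
    # A blank line or a new top-level section ends the specs block.
    in_specs = false if in_specs && (line.strip.empty? || line !~ /\A\s/)
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs[m[1]] = m[2]
    end
  end
  specs
end

# [name, version] pairs in the lockfile that match a known-backdoored release.
def backdoored_gems(lock_text)
  lockfile_specs(lock_text)
    .select { |name, ver| BACKDOORED.fetch(name, Set.new).include?(ver) }
    .to_a
end

# Heuristic (an assumption, not the real payload): an eval call within a few
# lines of a cookie access. Legitimate gem code almost never does this.
EVAL_CALL  = /\b(?:instance_eval|class_eval|module_eval|eval)\b/
COOKIE_REF = /cookies?|HTTP_COOKIE/i

# Returns [line_number, line] for each eval call with a cookie reference in
# the preceding `window` lines (or on the same line).
def suspicious_eval_lines(source, window: 3)
  lines = source.lines.map(&:chomp)
  lines.each_index.select do |i|
    lines[i] =~ EVAL_CALL &&
      lines[[i - window, 0].max..i].any? { |l| l =~ COOKIE_REF }
  end.map { |i| [i + 1, lines[i].strip] }
end

# Constructed sample lockfile pinning the backdoored release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bootstrap-sass (3.2.0.3)
        autoprefixer-rails (>= 5.2.1)
        sassc (>= 2.0.0)
      sassc (2.0.1)
        ffi (~> 1.9)

  PLATFORMS
    ruby

  DEPENDENCIES
    bootstrap-sass
LOCK

# Constructed stand-in for the behaviour the article describes; not the actual code.
SAMPLE_MIDDLEWARE = <<~'RUBY'
  class Harmless
    def call(env)
      @app.call(env)
    end
  end
  # Reads a request cookie and evaluates it as Ruby.
  def call(env)
    payload = Rack::Request.new(env).cookies["x"]
    eval(payload) if payload
  end
RUBY

if __FILE__ == $0
  backdoored_gems(SAMPLE_LOCK).each { |n, v| puts "BACKDOORED GEM: #{n} #{v}" }
  suspicious_eval_lines(SAMPLE_MIDDLEWARE).each { |ln, l| puts "suspicious eval at line #{ln}: #{l}" }
end
```

In a real audit the lockfile check should be pointed at every deployed application's Gemfile.lock (bundler-audit also carries the advisory for this release), and the eval heuristic at the installed gem directories, accepting that a regex over a few lines will both miss obfuscated payloads and flag some legitimate metaprogramming.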
The backdoored gem was removed from RubyGems the same day the report was published, and the Bootstrap-Sass maintainers also revoked their RubyGems access, since they believed a maintainer account had been compromised and used to push the malicious release. Bootstrap-Sass v3.2.0.4 was then released on RubyGems and GitHub with the backdoor removed. Any project pinned to 3.2.0.3 should upgrade and, because the backdoor allowed arbitrary code execution, treat servers that ran it as potentially compromised rather than simply patched.