11 Open-source, Ruby-run Libraries Infected with Crypto-jacking Virus

By Warren Hayes | August 22, 2019

11 open-source code libraries, which was written using the Ruby programming language, have been infected with a new type of crypto-jacking virus that has already had thousands of downloads.

Reported by Decrypt on August 21, the crypto-jacking virus was put into a total of 11 open-source Ruby libraries – which operate on the RubyGems platform. The report revealed that a total number of more than 3,500 downloads of the virus-filled libraries have been conducted.

The libraries were reportedly retrieved from its online platform by the criminals, fill them with the virus and allegedly upload them back into their original locations. 

A Github account has first pointed out the crypto-jacking virus in the libraries, and disclosed the information publicly via a post on August 19th. He further notified that upon running, the libraries will be downloading an extra code from text hosting service Pastebin, which is the final component to initiate the illegal mining

Aside from mining, the virus will collect the victims’ addresses and credentials and send it to the attackers.

The virus seems to be crypto-focused, with names such as doge-coin, bitcoin_vanity, coin_base and blockchain_wallet, with the last 2 have the highest downloads, 424 and 423 respectively. 

Tags: , ,