This latest incident was disclosed by ReversingLabs, a firm based in Cambridge, Massachusetts, in a blog post about two days ago.
According to the report, hackers inserted malicious files into a package manager named RubyGems. This package manager is normally used to upload and share enhancements and improvements to existing pieces of software.
The report further stated that the hackers were attempting to trick developers into downloading malware with a method known as “typosquatting”, which consists of publishing malicious packages with names similar to legitimate ones.
The hackers hoped that a developer would download the infected package by mistake, which would give the hackers access to the developer’s system.
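A defensive check for the typosquatting pattern described above, as an added example that is not from the ReversingLabs report or from RubyGems: it flags Gemfile entries whose names are within one edit of, or differ only by separators from, a trusted gem name. The trusted list, the misspelled names and the sample Gemfile are constructed for illustration.

```ruby
# Trusted names a team actually depends on (constructed sample list).
TRUSTED = %w[rails nokogiri rspec-core devise].freeze

# Levenshtein edit distance (insert, delete, substitute), two-row DP.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    curr = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      curr << [prev[j] + 1, curr[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = curr
  end
  prev.last
end

# Collapse case and separator differences ("rspec_core" vs "rspec-core").
def canonical(name)
  name.downcase.gsub(/[-_.]/, '')
end

# Return the trusted name that `candidate` imitates, or nil when it is
# itself trusted or not close to anything on the list.
def lookalike_of(candidate, trusted = TRUSTED, max_distance: 1)
  return nil if trusted.include?(candidate)
  trusted.find do |good|
    edit_distance(canonical(candidate), canonical(good)) <= max_distance
  end
end

# Scan Gemfile text for `gem "name"` lines; map each lookalike to its target.
def audit_gemfile(text, trusted = TRUSTED)
  names = text.scan(/^\s*gem\s+["']([^"']+)["']/).flatten
  names.each_with_object({}) do |name, hits|
    match = lookalike_of(name, trusted)
    hits[name] = match if match
  end
end

# Constructed input: "nokogirl" and "rspec_core" are made-up lookalikes.
SAMPLE_GEMFILE = <<~GEMFILE
  source "https://rubygems.org"
  gem "rails"
  gem "nokogirl"
  gem "rspec_core"
  gem "pg"
GEMFILE

audit_gemfile(SAMPLE_GEMFILE).each { |bad, good| puts "#{bad}: did you mean #{good}?" }
```

A distance threshold of 1 keeps false positives low; very short gem names still need a manually reviewed allowlist.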
As soon as the hackers gain entrance, the malware executes a malicious script that starts an infinite loop meant to capture the user’s clipboard data, which then redirects all subsequent cryptocurrency transactions to the hackers’ designated wallet address.
However, the hackers’ efforts were said to be unsuccessful. The cybersecurity firm got in touch with RubyGems as soon as the attack was detected, resulting in the removal of the infected files.
Part of the report reads:
“The perfect candidate to succumb to this type of ‘spray-and-pray’ supply chain attack is a Ruby developer whose environment of choice is a Windows system that’s also periodically being used to make Bitcoin transactions. A rare breed indeed.”
Had the attack been successful, it could have been devastating for RubyGems, whose numerous packages account for about 49 billion downloads and which has always been a target for hackers interested in stealing digital currencies.