- Aug 17, 2014
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware.
RubyGems provides a standard format for distributing Ruby programs and libraries in the service of building web applications. These programs and libraries are collected into software packages called “gems,” which can be used to extend or modify functionality in Ruby applications.
Two of these gems available in its open-source software repository, “pretty_color” and “ruby-bitcoin,” were discovered by researchers at Sonatype to be corrupted to steal Bitcoin from unsuspecting web-application users.
“The gems contained malware that ran itself persistently on infected Windows machines and replaced any Bitcoin or cryptocurrency wallet address it found on the user’s clipboard with the attacker’s,” according to Ax Sharma, researcher at Sonatype, writing in a Wednesday posting. “This means if a user [of a corrupted web app built using the gems]…[were] to copy-paste a Bitcoin recipient wallet address somewhere on their system, the address would be replaced with that of the attacker, who’d now receive the Bitcoins.”