Security: Bitcoin Holders Under Attack From 700+ Malicious Ruby Developer Libraries

The cryptocurrency industry remains the primary target for cybercriminals and hackers as these bad actors continuously look for techniques to steal the digital assets of unsuspecting crypto users.

760 malicious libraries in RubyGems

A Monday report revealed that hackers secretly uploaded around 760 malicious libraries to RubyGems, the package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries.

The malicious libraries, which were later identified, were designed to steal Bitcoin. The cybercriminals used simple typosquatting to carry out their plans, according to a threat analyst at Reversing Labs, Tomislav Maljic.

Maljic further explained that typosquatting is the process of changing a character or two in a filename or URL in order to fool people into thinking it’s legitimate.

He gave the example of a legitimate file called “thisisafile.exe,” which a malicious impersonator might name “this1safike.exe,” trapping a user who is not observant enough into downloading the malicious file by mistake.

The RubyGems package manager contains open-source components called “gems”, which can be used as basic application building blocks by software developers. The RubyGems repository contains around 158,000 gems, with about 49 million downloads.

It would be a big catch for the criminals if software developers accidentally downloaded the rogue files instead of the legitimate gems. Once the downloads are completed, the software packages built using the libraries will automatically harbor the Bitcoin stealer, putting all users of the malicious software at risk of losing their funds.

Maljic said a Ruby developer is more likely to fall for this if they are not careful enough. 

The perfect candidate to succumb to this type of ‘spray-and-pray’ supply-chain attack is a Ruby developer whose environment of choice is a Windows system that’s also periodically being used to make Bitcoin transactions.

Software users noticed the fraudulent activity, and Reversing Labs started monitoring for new RubyGems additions with names similar to any gem on its baseline list. This helped them catch the criminals red-handed.

“By looking at the RubyGems repository, we discovered that all those gems originated from two user accounts – ‘JimCarrey’ and ‘PeterGibbons’ – with a fairly high number of total downloads. It seemed that we caught them red-handed, as the account of ‘PeterGibbons’ was actively adding new typosquatted gems at the time of our analysis,” the researcher explained.
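The monitoring approach described above, comparing new gem names against a baseline list, can be sketched as follows. This is an added example, not Reversing Labs' tooling or code from the article; the baseline list, the sample names, the distance threshold and all function names are assumptions chosen for illustration.

```ruby
# Added example (not from the article); BASELINE and sample names are constructed.
BASELINE = %w[rails nokogiri devise sidekiq rspec-core].freeze

# Treat '-' and '_' as equivalent, since swapping them is a cheap squat.
def normalize(name)
  name.downcase.tr('_', '-')
end

# Optimal string alignment distance: insert, delete, substitute and
# adjacent transposition each cost 1.
def osa_distance(a, b)
  d = Array.new(a.size + 1) { |i| [i] + [0] * b.size }
  (0..b.size).each { |j| d[0][j] = j }
  (1..a.size).each do |i|
    (1..b.size).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.size][b.size]
end

# Returns the baseline gem that `name` imitates, or nil when the name is
# an exact baseline entry or is not close to any of them.
def lookalike_of(name, baseline: BASELINE, max_distance: 2)
  return nil if baseline.include?(name)
  norm = normalize(name)
  baseline.find do |known|
    k = normalize(known)
    norm == k || osa_distance(norm, k) <= max_distance
  end
end

# Screen a list of newly seen names; returns { suspicious_name => imitated_gem }.
def screen(names, **opts)
  names.each_with_object({}) do |n, hits|
    target = lookalike_of(n, **opts)
    hits[n] = target if target
  end
end

if __FILE__ == $PROGRAM_NAME
  screen(%w[nokogirl rspec_core sidekiq devize puma]).each do |name, target|
    puts "#{name} looks like #{target}"
  end
end
```

The same check can be run over the names in a project's Gemfile before installation; a fixed distance threshold will also flag some legitimate short names, so hits need manual review.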

Stay SAFU, always

This latest attempt by hackers is a reminder to members of the crypto community to take as many security measures as possible to secure their digital assets. These fraudsters are always looking for new ways to exploit users and steal cryptocurrencies.

Earlier today, Coinfomania reported a crypto user who lost 1 BTC to a popular fake Bitcoin giveaway.

Author: Caroline Amosun
