Supply-chain attack hits RubyGems repository with 725 malicious packages

by Dan Goodin (Ars Technica)
Image credit: ReversingLabs

More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.

The malicious packages were downloaded almost 100,000 times, although a significant percentage of those are likely the result of scripts that automatically crawl all 158,000 packages available in the repository, Tomislav Pericin, the cofounder and chief software architect of security firm ReversingLabs, told Ars. All of them originated from just two user accounts: "JimCarrey" and "PeterGibbons."

The accounts, which ReversingLabs suspects may be the work of a single individual, used a variation of typosquatting (the technique of giving a malicious file or domain a name that's similar to a commonly recognizable name) to give the impression they were legitimate. For instance, "atlas-client," a booby-trapped package with 2,100 downloads, was a stand-in for the authentic "atlas_client" package. More than 700 of the packages were uploaded from February 16 to 25.
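The "atlas-client" versus "atlas_client" swap above is the kind of name confusion a lockfile check can catch before an install runs. The following Ruby script is an added example written for this page; it is not code from the article or from ReversingLabs. It reads gem names out of a Gemfile.lock-style `specs:` section and flags any that collide with a known gem once separators are normalised, or that sit within one edit (including an adjacent-character swap) of one. `KNOWN_GEMS` is a constructed allow-list and `SAMPLE_LOCK` a constructed lockfile fragment; in practice the list would come from your own lockfiles or an internal mirror.

```ruby
# Added example, not from the article: flag lockfile gem names that look like
# typosquats of gems you already trust. KNOWN_GEMS is a constructed allow-list.
KNOWN_GEMS = %w[atlas_client rails nokogiri rspec].freeze

# Collapse "-", "_" and "." so "atlas-client" and "atlas_client" compare equal.
def normalize(name)
  name.downcase.tr("-.", "__")
end

# Edit distance with insert, delete, substitute and adjacent transposition,
# so "railz" -> "rails" and "ralis" -> "rails" both score 1.
def edit_distance(a, b)
  d = Array.new(a.length + 1) do |i|
    Array.new(b.length + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) }
  end
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.length][b.length]
end

# Returns the trusted gem a name appears to imitate, or nil when the name is
# itself trusted or resembles nothing on the list.
def suspicious?(name, known = KNOWN_GEMS)
  return nil if known.include?(name)
  known.each do |k|
    return k if normalize(k) == normalize(name)
    return k if edit_distance(name, k) <= 1
  end
  nil
end

# Pull top-level gem entries ("    name (version)") from a Gemfile.lock specs
# block and return [[flagged_name, lookalike_of], ...].
def scan_lockfile(text, known = KNOWN_GEMS)
  text.scan(/^ {4}([A-Za-z0-9_.\-]+) \(/).flatten.uniq.filter_map do |gem|
    match = suspicious?(gem, known)
    [gem, match] if match
  end
end

# Constructed lockfile fragment for demonstration; "atlas-client" and "railz"
# are the lookalikes, the other two are on the allow-list.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      atlas-client (0.1.2)
      nokogiri (1.10.0)
      railz (6.0.0)
      rspec (3.9.0)
LOCK

if __FILE__ == $PROGRAM_NAME
  scan_lockfile(SAMPLE_LOCK).each do |gem, lookalike|
    puts "review: #{gem} resembles trusted gem #{lookalike}"
  end
end
```

The script only reports names for review; a hyphen/underscore pair is sometimes two legitimate gems, and the one-edit rule will also pair short names that merely happen to be neighbours, so the allow-list should contain every gem you genuinely use before the output is treated as a signal.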

