A cryptojacking code has been discovered in 11 open-source code libraries. The code was written in Ruby and has been downloaded more than three thousand times.
Crypto news site Decrypt reported that the malicious code was integrated to 11 open Ruby libraries disseminated on the RubyGems package manager. The program is popular among developers as it allows them to upload and share enhancements on current software.
It’s said that hackers downloaded the software, placed the malware, and then upload everything on RubyGems but under new names.
The contaminated libraries were allegedly downloaded more than 3,500 times.
A GitHub user first noticed the malicious code. The user called attention to the problem on August 19. He noted that once executed, the library initialized supplementary code from text hosting platform Pastebin. This would trigger malicious mining.
The malware reportedly also sends the address of the contaminated host to the attacker along with environmental factors that might include credentials.
Several users already suggested that contributors to the RubyGems platform should implement a two-pronged authentication on their accounts, especially since they could infect numerous systems if they’re compromised.
It was also discovered that five of the infected libraries were crypto-specific. They carried names like bitcoin_vanity, blockchain_wallet, coin_base, and doge-coin. The coin_base and blockchain_wallet were the two most downloaded libraries, with 424 and 423 downloads respectively.
The RubyGems issue is just the latest in a spate of crypto-mining hacks. Last week, a new kind of crypto-mining malware, dubbed “Norman,” was uncovered last week by Varonis Security Research. However, the malware had been running on one company’s computer systems for more than a year.