The Crypto Times
Image default
News

Cryptojacking Code Discovered in 11 Open-Source Libraries, Has Been Downloaded Extensively

A cryptojacking code has been discovered in 11 open-source code libraries. The code was written in Ruby and has been downloaded more than three thousand times. 

Crypto news site Decrypt reported that the malicious code was integrated to 11 open Ruby libraries disseminated on the RubyGems package manager. The program is popular among developers as it allows them to upload and share enhancements on current software. 

RubyGems

It’s said that hackers downloaded the software, placed the malware, and then upload everything on RubyGems but under new names.

The contaminated libraries were allegedly downloaded more than 3,500 times.

A GitHub user first noticed the malicious code. The user called attention to the problem on August 19. He noted that once executed, the library initialized supplementary code from text hosting platform Pastebin. This would trigger malicious mining. 

The malware reportedly also sends the address of the contaminated host to the attacker along with environmental factors that might include credentials. 

Two-Pronged Authentication

Several users already suggested that contributors to the RubyGems platform should implement a two-pronged authentication on their accounts, especially since they could infect numerous systems if they’re compromised. 

It was also discovered that five of the infected libraries were crypto-specific. They carried names like bitcoin_vanity, blockchain_wallet, coin_base, and doge-coin. The coin_base and blockchain_wallet were the two most downloaded libraries, with 424 and 423 downloads respectively. 

The RubyGems issue is just the latest in a spate of crypto-mining hacks. Last week, a new kind of crypto-mining malware, dubbed “Norman,” was uncovered last week by Varonis Security Research. However, the malware had been running on one company’s computer systems for more than a year.

Related posts

Japan Railways Group Adds Cryptocurrency Payment Option

Viena Abdon

China’s The9 Ltd Reported to be First Publicly-Named Foreign Investor in Telegram ICO

Viena Abdon

Bitcoin.com Reveals Plans to Introduce BCH Investment Fund

Viena Abdon

UAE Launches Competition to Encourage Development of Blockchain-Powered Social Apps

Viena Abdon

The Flippening – How Ethereum is Set to Pass Bitcoin

Miles

Bitcoin’s Volatility Hits Two-Year Low, Will This Foreshadow a Rally?

Viena Abdon