Topic: 2 new Rubygems package link with malicous crypto clipboard malware (Read 112 times)

hero member
Activity: 1344
Merit: 540
Just imagine if this clipboard malware hadn't been discovered by cyber investigators, the damage it could have done; many in the crypto space could have fallen for this scheme. So it's good that it has been stopped in its tracks for now. But we shouldn't get complacent, as these criminals will find new ways to exploit other systems to inject malicious code.
member
Activity: 76
Merit: 23
This is happening. Be careful, all of you. Day by day, new problems are coming.
hero member
Activity: 2660
Merit: 551
It probably contributed to the recent spread or spike of crypto-related clipboard malware, as it is really hard to detect in the beginning. And the best weapon against this kind of attack is to verify and check every bitcoin address we're using, especially if we are going to use the copy and paste function.
hero member
Activity: 1414
Merit: 542
For Rubygems developers:

There are new malicious Rubygems packages, recently found to include malicious code that acts as clipboard malware:

- pretty_color-0.8.1.gem
- ruby-bitcoin-0.0.20.gem

As this is clipboard malware, the code, once installed, will be persistent and will monitor your clipboard for any bitcoin, ethereum and monero addresses. Once you copy one and paste it into your wallet, the malware will replace it with their own address. So far the following addresses have been identified:

  • Bitcoin: bc1qgmem0e4mjejg4lpp03tzlmhfpj580wv5hhkf3p
  • Ethereum: 0xcB56f3793cA713813f6f4909D7ad2a6EEe41eF5e
  • Monero: 467FN8ns2MRYfLVEuyiMUKisvjz7zYaS9PkJVXVCMSwq37NeesHJpkfG44mxEFHu8Nd9VDtcVy4kM9iVD7so87CAH2iteLg

So to everyone, be careful when doing copy and paste, and check everything. For reference, you can read @LoyceV's How to lose your Bitcoins with CTRL-C CTRL-V.

https://blog.sonatype.com/rubygems-laced-with-bitcoin-stealing-malware
https://www.bleepingcomputer.com/news/security/malicious-rubygems-packages-used-in-cryptocurrency-supply-chain-attack/
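As an added example (not code from the thread, from the gems, or from the linked articles), here is a small defender-side checker in Ruby covering both points of the post above: it scans a Gemfile.lock for the two malicious gem versions named in the post, and it detects a clipboard address swap by comparing the address that was copied with the one about to be pasted, flagging whether the substituted address is one of the attacker addresses listed. The gem names, versions and attacker addresses are taken from the post; the address-shape regexes, the sample Gemfile.lock and the sample clipboard values are constructed for this example, and the regexes only recognise the rough format of an address (they do no checksum validation).

```ruby
# Added example: malicious gem version scan and clipboard swap detection.
# Gem names/versions and attacker addresses are from the forum post;
# everything else here is constructed for illustration.

MALICIOUS_GEMS = {
  "pretty_color" => ["0.8.1"],
  "ruby-bitcoin" => ["0.0.20"],
}.freeze

# Attacker-controlled addresses reported in the post.
KNOWN_BAD_ADDRESSES = {
  "bitcoin"  => "bc1qgmem0e4mjejg4lpp03tzlmhfpj580wv5hhkf3p",
  "ethereum" => "0xcB56f3793cA713813f6f4909D7ad2a6EEe41eF5e",
  "monero"   => "467FN8ns2MRYfLVEuyiMUKisvjz7zYaS9PkJVXVCMSwq37NeesHJpkfG44mxEFHu8Nd9VDtcVy4kM9iVD7so87CAH2iteLg",
}.freeze

# Coarse address-shape patterns (constructed; format detection only, no checksums).
ADDRESS_PATTERNS = {
  "bitcoin"  => /\A(bc1[02-9ac-hj-np-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\z/,
  "ethereum" => /\A0x[0-9a-fA-F]{40}\z/,
  "monero"   => /\A[48][1-9A-HJ-NP-Za-km-z]{94}\z/,
}.freeze

# Returns "bitcoin", "ethereum", "monero" or nil for the given text.
def detect_address_type(text)
  ADDRESS_PATTERNS.each { |name, re| return name if text.strip.match?(re) }
  nil
end

# Compare what the user copied with what is about to be pasted.
# A clipboard hijacker leaves the copied value unchanged from the user's
# point of view but the pasted value differs, so a mismatch is the signal.
def check_paste(copied, pasted)
  copied = copied.strip
  pasted = pasted.strip
  type = detect_address_type(copied)
  return { status: :not_an_address } if type.nil?
  return { status: :ok, type: type } if copied == pasted

  attacker_chain = KNOWN_BAD_ADDRESSES.key(pasted)
  {
    status: :swapped,
    type: type,
    pasted_type: detect_address_type(pasted),
    known_attacker_address: !attacker_chain.nil?,
  }
end

# Scan Gemfile.lock text for the malicious gem versions. Resolved specs sit
# at four spaces of indentation ("    name (version)"); their dependencies
# sit at six, so the anchored regex only matches the spec lines.
def malicious_gems_in_lockfile(lock_text)
  hits = []
  lock_text.each_line do |line|
    m = line.match(/^\s{4}(\S+) \(([^)]+)\)\s*$/)
    next unless m
    name, version = m[1], m[2]
    hits << "#{name}-#{version}" if MALICIOUS_GEMS.fetch(name, []).include?(version)
  end
  hits
end

# Constructed sample lockfile; "example_app_gem" is a hypothetical gem.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_app_gem (1.2.3)
        rake (>= 12.0)
      pretty_color (0.8.1)
      rake (13.0.1)
      ruby-bitcoin (0.0.20)

  PLATFORMS
    ruby

  DEPENDENCIES
    example_app_gem
    pretty_color
LOCK

if __FILE__ == $0
  puts "Malicious gems in lockfile: #{malicious_gems_in_lockfile(SAMPLE_LOCKFILE).inspect}"
  copied = "1ConstructedExampAddrFAKEzzzzzzzzz" # constructed, not a real address
  puts "Paste check (clean):   #{check_paste(copied, copied).inspect}"
  puts "Paste check (swapped): #{check_paste(copied, KNOWN_BAD_ADDRESSES['bitcoin']).inspect}"
end
```

Run it against a real Gemfile.lock by reading the file into `malicious_gems_in_lockfile`; the paste check is the same comparison a wallet front end or a clipboard-watching tool can make before a transaction is signed, and a `:swapped` result with `known_attacker_address: true` is a direct match against the addresses published for this campaign.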