RubyGems Ransacked: 60 Malicious Credential-Stealing Packages Uncovered
A whopping 60 malicious packages have infiltrated the RubyGems ecosystem, masquerading as helpful automation tools. Since at least March 2023, these gems have been busy stealing credentials like they’re shopping for Black Friday deals. Beware of these faux helpers targeting social media platforms, as they might just run off with your passwords!

Hot Take:
Who knew that downloading a gem could cost you more than a pretty penny? It seems like cybercriminals are stepping up their game, offering the ultimate two-for-one deal: a tool that promises to automate your social media presence while simultaneously automating the theft of your credentials. Remember, folks, if a deal seems too good to be true, it probably is—especially if that deal involves hacking your bank account while you try to get more likes on Instagram.

Key Points:
- Sixty malicious RubyGems packages posing as automation tools have been uncovered, targeting social media and other platforms.
- The threat actors have been active since at least March 2023, and the packages have accumulated more than 275,000 downloads.
- These packages steal credentials by displaying a graphical user interface for users to input their information.
- The campaign primarily targets South Korean users but isn’t limited to them.
- Similar typosquatting tactics have been found on the Python Package Index (PyPI), targeting cryptocurrency.