Crypto-jacking code discovered in open libraries for programmers

Importing Python Libraries (Video 1...
Importing Python Libraries (Video 19)

On the RubyGems platform, in 11 open source libraries that have more than 3,500 downloads, hidden code for crypto jacking has been discovered.

It is reported that hackers download libraries written in the Ruby programming language, inject malicious code, and then download them to RubyGems with new names. For example, the doge_coin, coin_base, and blockchain_wallet libraries associated with cryptocurrencies have been downloaded over a thousand times.

After the user installs such a library, it downloads additional files from the Pastebin website and launches hidden cryptocurrency mining. The malicious library also sends the hacker the IP address of the infected computer and various system parameters, which may contain personal information of the user.

RubyGems users believe that developers of popular libraries need to enable two-factor authorization when they log in to the site, since thousands of computers and users may suffer if their account is hacked and their libraries are replaced.

You Might Want To Read This:   Mozilla Firefox 3.5 RC3 is now available for download. For all platforms and in 70 languages.

Recall that the recently specialized cybersecurity company Varonis announced the discovery of a new Norman virus miner, which hides its presence from the task list.