- Hackers targeted installation packages for the Ruby programming language.
- RubyGems libraries were infected with malware; developers could accidentally install Bitcoin stealers.
- Luckily, the attack was too obscure to ever work.
A cybersecurity firm discovered that over 700 libraries of the popular programming language, Ruby, contained malicious Bitcoin-stealing software.
ReversingLabs, based in Cambridge, Massachusetts, disclosed its findings in a blog post on Thursday. Back in February, it wrote, hackers placed malicious files inside a package manager called RubyGems—which is usually used to upload and share improvements on existing pieces of software.
The hackers were trying to trick developers into downloading malware by using a method called “typosquatting”, which consists of uploading malicious packages with similar names to regular ones. By just changing a few characters of a file name, the hope was that a developer would mistakenly download an infected package—unwittingly providing the hacker with access to their system.