Malicious cryptojacking scripts have been found in 11 open-source code libraries of the widely used programming language Ruby.
According to a Decrypt report, the malware was discovered on Tuesday inside the Github code repository, infecting the language manager called RubyGems.
Though the actual number of victims is not known yet, it can be anticipated that thousands of computers are infected.
According to the report, the hackers downloaded the popular code libraries from RubyGems and uploaded them again under new names after infecting them with malicious pieces of code.
“On August 19, @juskoljo observed the malicious gem version and created this issue. Later that day, the RubyGems security team yanked the offending gem version and locked the affected maintainer’s account. Several other gems were similarly affected,” GitHub user Juskoljo stated.
KVB PRIME Strikes UK with Influential Finance Summit SponsorshipGo to article >>
A nifty way to spread malware
Out of the eleven libraries, five were directly related to crypto with names including doge_coin, coin_base, and blockchain_wallet. These libraries were downloaded more than a thousand times.
Uploaded in early July, the infected version of coin_base was downloaded 424 times, being the most downloaded library, followed by blockchain_wallet with 423 downloads. In total, the eleven libraries were downloaded over 3500 times.
Cryptojacking is one of the most common crimes using digital currencies. Perpetrators usually inject malicious codes to victims’ computers by various techniques and use their computers’ processing power to mine digital currencies. Though several cryptocurrencies can be mined using CPU-power, Monero is the most favored digital coin for these hackers.
Last year, security company McAfee reported that cryptojacking activities soared by 4,000 percent in 2018 alone. However, the increasing trend is now going the other way, according to a recent report Check Point Security.
Last week, Finance Magnates reported that a newly discovered crypto-mining malware called Norman is infecting the computers of medium-sized companies and is also hiding the mining process from the Task Manager when it is opened.