The theft of cryptocurrency from individual users is a known phenomenon; but hackers are developing increasingly sophisticated schemes to steal foreign bitcoins. Researchers at Reversinglabs found that it was not someone’s personal wallet that was infected with the Trojan to transfer digital money; but an entire programming language.
The attackers approached the case with a wide range of malware traces in the popular Rubygems repository.
According to a published report, the virus affected 725 Ruby programming language libraries.
«Injection» of malicious code in the repository was performed from the accounts of Jimcarrey and Petergibbons. The archive they downloaded contained clones of popular libraries with an integrated trojan; with their names resembling original ones to confuse users.
The infected libraries worked for the intended purpose, but at the same time, leaked the contents of the computer clipboard to hackers.
The virus was programmed to translate bitcoins according to predefined requisites. According to security experts, the large-scale forgery was discovered two days later; but thousands of users downloaded it before the libraries were removed.
Researchers believe that the same group of hackers that uploaded such archives in 2018 and 2019 were involved in the development of the Trojan. However, based on the Bitcoin address of the attackers, they were never able to intercept any means using malicious code.
