menuIcon
$ 109,385.6
BTC
$ 109,385.6
0.57 %
$ 2,588.07
ETH
$ 2,588.07
0.76 %
$ 0.5952
ADA
$ 0.5952
1.49 %
$ 662.35
BNB
$ 662.35
0.44 %
$ 152.06
SOL
$ 152.06
-0.51 %
Ibiam Wayas
Aug 22, 2019
by Ibiam Wayas

Crypto-jacking Program Spotted on Eleven Code Libraries; Five targets on Crypto

crypto-jacking
Github discovered a crypto-jacking program in 11 open-source code libraries, written on the Ruby programming language. Cryptojacking software is a malware that hijacks computer’s processing power to illicitly mine cryptocurrency on the browser.

According to the report by a news outlet, Decrypt, thousands of people got exposed as a result of the crypto-jacking software. These libraries are in the RubyGems platform-- a program that allows developers to share improvements on existing pieces of software.

The crypto-jacking program affected a total of eleven code Libraries, five of which relate specifically to Crypto. They bear names such as coin_base, doge_coin, and blockchain_wallet, and downloaded over a thousand times.

Coin_base and blockchain_wallet were downloaded mostly, per the report. The infected versions of blockchain_wallet were downloaded 423 times since July 10, and coin_base,  424 times since July 9.

The hacker downloaded the software from RubyGem, hid their crypto-jacking code on it, then re-uploaded them to RubyGem under new names. The infected libraries got downloaded over three and a half thousand times.

Per the report, the crypto-jacking program initially observed by a GitHub user. He reported about the issue on August 19.  

He noted that, when executed, the library downloaded additional code from the text hosting service Pastebin. It then triggered the malicious mining, due to the crypto-jacking program.

Moving further, the malware sends the address of the infected host to the attacker, alongside environment variables which can include credentials as well.

Notably, crypto-jacking software illicitly mines cryptocurrencies and send them back to the attacker. Monero is the favored cryptocurrency as its anonymous.

Most of the users suggested that Rubygems contributors should enable two-factor authentication on their accounts against crypto-jacking. If accounts are compromised, they could be used to infect many systems.

Wake of Cyber Criminals?

The RubyGems hack adds to the number of hacks done by crypto-jacking software. IBM X-Force Research team reported that the company saw a massive increase in cyber attacks against organizations across the world in 2018.

According to the report, crypto-jacking dominated the field of cybercrime, as hackers appear to be heading away from ransomware and malware attacks.

Follow us on: News
Crypto-jacking Program Spotted on Eleven Code Libraries; Five targets on Crypto
Ibiam Wayas
Ibiam Wayas is an optimistic crypto news reporter who also enjoys tech writing. He is an introvert who spends much of his time on the internet studying facts that will help him excel in the digital/cryptocurrency space.

Top Picks