Crypto theft is quite common, and it’s no laughing matter. Recently, as many as 725 malicious packages were discovered on RubyGems, the public repository from which Ruby developers download third-party libraries (gems). The malware was designed to intercept bitcoin and other cryptocurrency payments and redirect them to wallets and addresses controlled by the attackers.
Malware Is Big… and Dangerous
In all, the packages were downloaded more than 100,000 times, and all of them were published from two user accounts, “JimCarrey” and “PeterGibbons.” Many of the illicit packages were published under typosquatted names: names chosen to look like those of legitimate, widely used gems. This is what drove the download numbers, as developers believed they were installing the real thing.
Underneath these plausible names were bogus packages built to intercept crypto payments. One example is “atlas-client,” a decoy for the legitimate “atlas_client” that differs only in a hyphen instead of an underscore. That single package was downloaded more than 2,000 times.
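The “atlas-client” versus “atlas_client” trick works because RubyGems treats the two as different packages while a human reads them as the same. The following script is an added example, not code from the original article or from ReversingLabs: it checks a list of dependency names against an allowlist of known gems and flags names that are separator or case variants, or within one edit, of a known name. The allowlist and the dependency list are constructed for the demo; in practice you would seed the allowlist from your own Gemfile.lock history or a registry mirror.

```ruby
# Added example (not from the original article): flag dependency names that look
# like typosquats of well-known gems, the way "atlas-client" shadowed "atlas_client".
require 'set'

# Constructed allowlist of legitimate gem names (assumption for the demo; in
# practice pull this from your Gemfile.lock history or an internal mirror).
KNOWN_GEMS = %w[atlas_client rails nokogiri rspec bundler rack].freeze

# Collapse the separators and case that RubyGems treats as distinct names but
# humans read as the same: "atlas-client", "Atlas_Client" -> "atlasclient".
def normalize(name)
  name.downcase.gsub(/[-_.]/, '')
end

# Edit distance with insert, delete, substitute and adjacent transposition, which
# is enough to catch dropped, swapped and doubled letters in a short name.
def edit_distance(a, b)
  d = Array.new(a.length + 1) do |i|
    Array.new(b.length + 1) { |j| i.zero? ? j : (j.zero? ? i : 0) }
  end
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.length][b.length]
end

# Returns { suspicious_name => known gem it imitates }; empty when nothing is flagged.
def find_typosquats(dep_names, known = KNOWN_GEMS, max_distance: 1)
  known_set = Set.new(known)
  by_normalized = known.each_with_object({}) { |g, h| h[normalize(g)] = g }
  dep_names.each_with_object({}) do |dep, hits|
    next if known_set.include?(dep)          # exact known name: fine
    norm = normalize(dep)
    if by_normalized.key?(norm)              # separator/case swap: atlas-client vs atlas_client
      hits[dep] = by_normalized[norm]
      next
    end
    # Otherwise look for a known gem within a short edit distance of the normalized name.
    closest = known.min_by { |g| edit_distance(norm, normalize(g)) }
    hits[dep] = closest if closest && edit_distance(norm, normalize(closest)) <= max_distance
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed dependency list; "atlas-client" is the real typosquat named in the report,
  # "nokogirl" is a made-up one-letter variant, "rack-cors" is a legitimate, distinct gem.
  deps = %w[rails atlas-client nokogirl rspec rack-cors]
  find_typosquats(deps).each { |bad, good| puts "#{bad} looks like a typosquat of #{good}" }
end
```

The normalization step is deliberate: a pure edit-distance check would miss nothing here, but it would also flag legitimate short names that happen to be close to each other, so the separator/case match is treated as the strongest signal and the distance check is kept at one edit. A real-world allowlist should be large enough that new, legitimate gems are not all flagged as near misses.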
Crypto theft has come in many forms over the years. Arguably, the two biggest involve attacking crypto exchanges or trading platforms directly, or a practice known as cryptojacking.
The latter occurs when an attacker takes control of a person’s computer or other device without their knowledge or consent and uses it to mine cryptocurrency, typically Monero, because it can be mined on ordinary CPUs and its transactions are hard to trace. The attacker pockets the mined coins, while the owner of the device gets nothing but a slower machine and the higher electricity bill that arrives each month.
Several exchanges have been hit directly in the past. The biggest examples are Mt. Gox and Coincheck, both in Japan and roughly four years apart (February 2014 and January 2018, respectively). The first saw more than $400 million in BTC disappear virtually overnight, while the second saw more than half a billion dollars in crypto funds stolen, at the time the largest digital theft in the history of the crypto space.
This is not the first time someone has uploaded malicious code to RubyGems. In 2016, a university student, as a research experiment, uploaded typosquatted packages to the package repositories used by Python, Ruby and JavaScript (Node.js) developers. That code was downloaded and run more than 40,000 times on more than 10,000 hosts, including two belonging to the military.
No Way to Know…
Tomislav Pericin, co-founder of ReversingLabs, explains:
There are very few protections out there for software developers to make sure that packages they install from these repositories are malware free. There is a huge gap in the market which is being exploited by malware authors.