- One of the latest examples of such malware is a pair of malicious packages published to the RubyGems repository
- Security researchers have reported two gems, ‘pretty_color’ and ‘ruby-bitcoin’, that carry malware targeting Windows machines
Because cryptocurrencies exist only as software, they are a standing target for cyber-attacks. Attackers are technically skilled, able to penetrate complex systems and infect them to their advantage, and honest users may not even realise they are affected. Attackers can convincingly disguise their malware as an ordinary website or link and gain access to a victim’s most confidential details.
One of the latest examples is malware distributed through RubyGems, the package manager for the Ruby language. A package manager is a collection of software tools that automates installing, upgrading, configuring and removing programs on an operating system in a consistent way; RubyGems in particular is the tool used to distribute Ruby programs and libraries. Malicious packages containing code written primarily to steal cryptocurrency from users have been found in its open-source repository, delivered as a supply-chain attack.
How does this malware affect cryptocurrency transactions?
Security researchers have reported two gems, ‘pretty_color’ and ‘ruby-bitcoin’, that carry malware targeting Windows machines. Once installed, they silently replace any Bitcoin (BTC), Ethereum (ETH) or Monero (XMR) wallet address on the victim’s clipboard with an address belonging to the attacker.
Because such packages are too technical for most users to inspect, the attackers exploit that gap and take control of the account without the user’s knowledge. Anyone can upload a ‘gem’ to the repository, which leaves the door open for threat actors to seed it with malicious packages.
In this specific case the payload is a clipboard hijacker that silently swaps the user’s wallet address for the attacker’s. The malicious back-end script is contained in a VBS file. So if a user installs one of these gems by mistake and later copies and pastes a Bitcoin recipient address anywhere on the system, the pasted address is replaced with the attacker’s, who then has control of the system and the bitcoins.
Because such addresses are long, random-looking strings, users do not check them before every transaction. Unless the user double-checks the address after pasting it, they fall victim to this kind of attack.
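The two defensive checks this article implies, as an added example that is not part of the original article and not code from the gems it describes: a Ruby script (RubyGems being the ecosystem in question) that recognises BTC, ETH and XMR address formats, flags a paste whose address differs from what was last copied (the clipboard-hijacker signature), and audits an installed gem's directory for Windows script files such as the VBS payload mentioned above. The address patterns are format-only checks with no checksum validation, the clipboard event log and the sample gem tree are constructed for the demonstration, and all helper names are my own.

```ruby
require "tmpdir"
require "fileutils"

# Address shapes for the three coins the article names. Format checks only
# (no checksum validation): enough to recognise that a clipboard value
# "looks like" a wallet address of a given kind.
WALLET_PATTERNS = {
  btc: /\A(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{25,62})\z/,
  eth: /\A0x[0-9a-fA-F]{40}\z/,
  xmr: /\A[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}\z/
}.freeze

# Returns :btc, :eth, :xmr, or nil when the text is not an address.
def wallet_kind(text)
  s = text.to_s.strip
  WALLET_PATTERNS.each { |kind, re| return kind if s.match?(re) }
  nil
end

# The check the article recommends: compare the address the user copied
# with the one that actually lands in the paste target.
def check_paste(copied, pasted)
  copied_kind = wallet_kind(copied)
  return :not_an_address if copied_kind.nil?
  return :ok if copied.to_s.strip == pasted.to_s.strip
  # Same coin, different address, with no intervening copy: the hijacker
  # signature. Any other substitution is reported as a plain change.
  wallet_kind(pasted) == copied_kind ? :hijacked : :changed
end

# Replay a log of clipboard events ([:copy, text] / [:paste, text]) and
# collect every paste whose address silently differs from the last copy.
def audit_clipboard_log(events)
  last_copied = nil
  events.each_with_object([]) do |(action, text), alerts|
    case action
    when :copy then last_copied = text
    when :paste
      alerts << { expected: last_copied, got: text } if check_paste(last_copied, text) == :hijacked
    end
  end
end

# Windows script-host payloads have no business inside a pure-Ruby gem.
# Walk an installed gem directory and report such files (paths relative
# to the gem root, sorted for stable output).
SCRIPT_EXTENSIONS = %w[.vbs .vbe .wsf .bat .cmd .ps1].freeze

def suspicious_gem_files(gem_dir)
  Dir.glob(File.join(gem_dir, "**", "*"), File::FNM_DOTMATCH)
     .select { |p| File.file?(p) && SCRIPT_EXTENSIONS.include?(File.extname(p).downcase) }
     .map { |p| p.sub(%r{\A#{Regexp.escape(gem_dir)}/?}, "") }
     .sort
end

# Constructed sample gem layout (not a real gem) so the audit can run offline.
def demo_gem_audit
  Dir.mktmpdir("gem-audit") do |root|
    FileUtils.mkdir_p(File.join(root, "lib"))
    FileUtils.mkdir_p(File.join(root, "ext"))
    File.write(File.join(root, "lib", "example.rb"), "module Example; end\n")
    File.write(File.join(root, "ext", "dropper.vbs"), "' constructed placeholder, no real content\n")
    suspicious_gem_files(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed addresses: valid shape, not real wallets.
  copied  = "1ExampBtcAddrConstructedForTestXYZ"
  swapped = "1AttackerSwapAddrConstructedForTest"
  log = [[:copy, copied], [:paste, swapped], [:copy, "plain text"], [:paste, "plain text"]]
  puts "paste verdict: #{check_paste(copied, swapped)}"
  puts "clipboard alerts: #{audit_clipboard_log(log).inspect}"
  puts "suspicious gem files: #{demo_gem_audit.inspect}"
end
```

In practice the clipboard events would come from an OS clipboard monitor and the gem directory from `gem environment gemdir`; the format regexes are deliberately loose, since the goal is to notice that an address-shaped value changed, not to validate the address itself.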
The threat of cyber-crime keeps evolving and will remain a threat despite significant advances in regulation and security controls. The federal authorities and users alike must be careful not to share confidential details with anyone, whatever the circumstances. With bitcoin gaining attention in 2020, upstream software supply-chain attacks rose by 430%, which is alarming.
Whether a given compromise is the work of a highly skilled hacker or the mischief of an amateur threat actor is anyone’s guess. However, the pace at which these threats are growing is a warning to all users, over and above the regulatory rules and regulations they are already expected to follow.