For RubyGems developers:
New malicious RubyGems packages were recently found to include malicious code that acts as clipboard malware:
- pretty_color-0.8.1.gem
- ruby-bitcoin-0.0.20.gem
Since this is clipboard malware, the code, once installed, will be persistent and will monitor your clipboard for any Bitcoin, Ethereum and Monero addresses. Once you copy an address and paste it into your wallet, the malware will replace it with their own address. So far the following addresses have been identified:
- Bitcoin: bc1qgmem0e4mjejg4lpp03tzlmhfpj580wv5hhkf3p
- Ethereum: 0xcB56f3793cA713813f6f4909D7ad2a6EEe41eF5e
- Monero: 467FN8ns2MRYfLVEuyiMUKisvjz7zYaS9PkJVXVCMSwq37NeesHJpkfG44mxEFHu8Nd9VDtcVy4kM9iVD7so87CAH2iteLg
So everyone, be careful when copying and pasting, and check everything. For reference, you can read @LoyceV's "How to lose your Bitcoins with CTRL-C CTRL-V".
https://blog.sonatype.com/rubygems-laced-with-bitcoin-stealing-malware
https://www.bleepingcomputer.com/news/security/malicious-rubygems-packages-used-in-cryptocurrency-supply-chain-attack/
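A check for the two package versions named in the post, as an added example that is not part of the original post. The helper names and the sample lockfile are constructed for illustration; the parser accepts either `Gemfile.lock` contents or `gem list` output.

```ruby
# Added example: names and versions are the two packages named in the post.
FLAGGED = {
  "pretty_color" => ["0.8.1"],
  "ruby-bitcoin" => ["0.0.20"]
}.freeze

# Matches a Gemfile.lock spec line ("    name (1.2.3)") or a `gem list`
# line ("name (1.2.3, 1.2.2)"). Lockfile dependency lines are indented six
# spaces and carry constraints such as "(>= 1.0)", so they are skipped.
ENTRY = /\A(?: {4})?(\S+) \(([^)]+)\)\s*\z/

# Returns [[name, version], ...] for every gem version listed in the text.
def listed_gems(text)
  text.each_line.flat_map do |line|
    m = ENTRY.match(line.chomp) or next []
    m[2].split(", ").map do |v|
      # Drop the "default: " marker and any platform suffix.
      [m[1], v.sub(/\Adefault: /, "")[/\A[0-9A-Za-z.]+/]]
    end
  end
end

# Returns only the entries that match a flagged name and version.
def flagged_gems(text)
  listed_gems(text).select { |name, ver| FLAGGED.fetch(name, []).include?(ver) }
end

# Constructed sample lockfile, for illustration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pretty_color (0.8.1)
      rake (13.0.1)
      ruby-bitcoin (0.0.19)
        ffi (>= 1.0)
LOCK

flagged_gems(SAMPLE_LOCK).each { |name, ver| puts "FLAGGED: #{name} #{ver}" }
```

Pass `flagged_gems` the contents of a project's `Gemfile.lock` or the output of `gem list --local`.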