Security researchers have uncovered a major software supply chain attack targeting the Ruby programming community.

A total of 60 malicious Ruby gems, which are software packages used by developers, were found to contain hidden code that steals sensitive information.

These harmful packages have been downloaded more than 275,000 times since March 2023. Many of them were disguised as legitimate automation tools for popular platforms such as Instagram, Twitter, TikTok, WordPress and Telegram. While they appeared to work normally, they secretly collected usernames, passwords and other personal details from users.

The stolen data included plain text login credentials, MAC addresses for device tracking and the name of the package used. This information was sent to remote servers controlled by the attackers. Some of these malicious gems are still available for download, which means the threat has not been fully removed.

Experts believe the campaign may have been aimed at specific groups such as marketers who use automated tools to manage multiple accounts. Since these users often operate with temporary or throwaway accounts, the attack could remain unnoticed for longer periods.

