A new wave of 60 malicious RubyGems packages posing as social media automation tools exfiltrates user credentials, mainly affecting South Korean users and grey-hat marketers. Similar threats are emerging on PyPI, where malicious packages hijack cryptocurrency staking functions, prompting new security restrictions. #RubyGems #PyPI #CredentialTheft #CryptocurrencyHijacking
Key points
- A threat actor has been distributing 60 malicious RubyGems posing as automation tools since March 2023.
- The gems secretly exfiltrate user credentials to external servers while offering legitimate-looking functionality.
- Some gems focus on financial platforms, manipulating engagement to influence stock discussions.
- Malicious Python packages on PyPI aim to steal cryptocurrency from Bittensor wallet users by hijacking staking functions.
- PyPI enforces new restrictions to prevent ZIP-based malicious payloads, with plans to reject problematic packages from 2026.
Read More: https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html