Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers. About 760 malicious libraries, bent on stealing Bitcoin, have been identified so far in the Ruby programming language code base. Unobservant users could thus download the malicious file by mistake, endangering all users of that software. Researchers found a high number of portable executable (PE) files present, all carrying the file name aaa.png These PE files, masquerading as image files, were also located on the same path in every analyzed suspicious gems.
Source: https://threatpost.com/bitcoin-stealers-700-ruby-developer-libraries/154937/