New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users. The packages are masquerading as a bitcoin library and a library for displaying strings with different color effects. A clipboard hijacker monitors the Windows clipboard for cryptocurrency addresses, and if one is detected, replaces it with an attacker’s address. Unless a user double-checks the address after they paste it, the coins will go to the attacker’s cryptocurrency address instead of the intended recipient.
Source: https://www.bleepingcomputer.com/news/security/malicious-rubygems-packages-used-in-cryptocurrency-supply-chain-attack/