The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The dangerous code was used to check the password strength of user-chosen passwords when the library was being used in a production environment. The code would download a payload from Pastebin.com and execute it to create the actual backdoor. Backdoored code was only distributed through RubyGems; it was not uploaded on the library's GitHub account. The attacker created a new version of the library (version 0.0.7 that contained the backdoor code) that was downloaded by 537 users.”]
Source: https://securityaffairs.co/wordpress/88093/hacking/ruby-strong_password-library-backdoor.html
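Because the backdoored release existed only on RubyGems and not in the GitHub repository, comparing a published package against the matching source checkout is one way to surface this kind of divergence. The following Ruby sketch is an added example, not code from the article or the library; the function names, directory names and file contents are constructed for illustration, and it assumes the gem has already been unpacked (for example with `gem unpack`) next to a checkout of the corresponding tag.

```ruby
require "digest"
require "tmpdir"
require "fileutils"

# Map relative path => SHA-256 for every regular file under root (skipping .git).
def tree_digests(root)
  Dir.glob("**/*", File::FNM_DOTMATCH, base: root)
     .select { |rel| File.file?(File.join(root, rel)) }
     .reject { |rel| rel.start_with?(".git/") }
     .to_h { |rel| [rel, Digest::SHA256.file(File.join(root, rel)).hexdigest] }
end

# Report what the registry artifact ships that the source checkout does not
# account for. Files present only in the checkout (tests, CI config) are
# ignored, since gems routinely omit them.
def registry_drift(published_dir, source_dir)
  pub = tree_digests(published_dir)
  src = tree_digests(source_dir)
  {
    only_in_published: (pub.keys - src.keys).sort,
    modified: pub.keys.select { |f| src.key?(f) && src[f] != pub[f] }.sort
  }
end

# Constructed sample: two small trees standing in for an unpacked gem and a
# git checkout of the same version. The contents are harmless placeholders.
def demo_drift
  Dir.mktmpdir do |tmp|
    src = File.join(tmp, "checkout")
    pub = File.join(tmp, "unpacked")
    [src, pub].each { |d| FileUtils.mkdir_p(File.join(d, "lib")) }
    FileUtils.mkdir_p(File.join(src, "test"))

    File.write(File.join(src, "lib/checker.rb"), "# strength check\n")
    File.write(File.join(src, "lib/version.rb"), "VERSION = 'x.y.z'\n")
    File.write(File.join(src, "test/checker_test.rb"), "# tests\n")

    File.write(File.join(pub, "lib/checker.rb"),
               "# strength check\n# line that is not in the repository\n")
    File.write(File.join(pub, "lib/version.rb"), "VERSION = 'x.y.z'\n")
    File.write(File.join(pub, "lib/extra.rb"), "# file absent from the repository\n")

    registry_drift(pub, src)
  end
end

p demo_drift if __FILE__ == $0
```

Any entry under `modified` or `only_in_published` is a reason to read the diff by hand before the version reaches production; generated files such as the packaged gemspec can appear legitimately.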

