Over 700 malicious gems were recently distributed through the RubyGems repository. The malicious campaign leveraged thewhere attackers uploaded intentionally misspelled legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead. Most of the gems were designed to secretly steal funds by redirecting cryptocurrency transactions to a wallet address under the attacker’s control. After the findings were disclosed, the malicious gems and associated attackers’ accounts were removed, almost two days later on February 27. It’s highly recommended that developers who unintentionally downloaded libraries into their apps and services should check if they’ve used the correct package names and the correct versions.
Source: https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html