Two malicious software building blocks that could be baked into web applications prey on unsuspecting users. Researchers at Sonatype found two of these gems available in RubyGems were corrupted to steal Bitcoin from unsuspecting web-application users. The gems contained malware that ran itself persistently on infected Windows machines and replaced any Bitcoin or cryptocurrency wallet address it found on the user s clipboard with the attacker’s. Researchers have taken two of the software packages offline after they were found to be laced with malware.
Source: https://threatpost.com/rubygems-packages-bitcoin-stealing-malware/162360/