Sonatype experts have discovered the pretty_color and ruby-bitcoin malicious packages in the official RubyGems repository. The malware has already been removed from the platform. The malware hidden in the mentioned packages targeted Windows machines and replaced the addresses of any cryptocurrency wallets in the clipboard with the attackers’ wallet address. In essence, the malware helped… Continue reading Malicious packages found in RubyGems repository again
Tag: Sonatype
Researchers discovered four npm packages that were collecting user data
Sonatype identified four npm packages that collected and sent to their creator’s data about user machines, such as IP addresses, computer username, home directory path, processor model, and country and city information. The discovery originally made Sonatype malware detection robots that scan millions of applications. “Following alerts from the Sonatype bots, our security research team… Continue reading Researchers discovered four npm packages that were collecting user data