RubyGems
Coverage of RubyGems in the Nexus archive.
- Attackers Weaponize RubyGems for Data Dead Drops
Threat actors are publishing malicious RubyGems packages that target public-facing UK government servers with scrapers, but their objective is unclear. The attackers are using RubyGems to potentially gather data or disrupt services. This incident highlights a new security risk for government agencies.
- GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
GemStuffer has targeted the RubyGems repository with over 150 gems to exfiltrate data from a U.K. council portal. The gems are used as a data exfiltration channel rather than for malware distribution. Many of the packages have little or no download activity and repetitive payloads.
- RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems has paused new signups due to a major malicious attack where hundreds of malicious packages were uploaded. The attack is being dealt with by the RubyGems team. Signups are currently paused as a precautionary measure.