Malware in a gem :)

laowai121's Avatar

laowai121

02 Sep, 2018 03:55 PM

Hi!
I've tried to install the HTTParty gem today, but I was unlucky to misspell it as httpparty and it installed a script mining cryptocurrency on my laptop.
Apparently the gem itself and the author are now removed from rubygems.org, but "gem install httpparty" still installed the malware onto my laptop.
Would there be any way to completely delete the malicious gem from the repository so other people don't make the same mistake?

https://webcache.googleusercontent.com/search?q=cache:vBSafGvWaZAJ:https://rubygems.org/profiles/Scooby+&cd=1&hl=en&ct=clnk&gl=uk
Apparently this user created quite a few gems with names similar to those of real gems

I guess you were aware of the problem, since the user is now removed. But I can't find any information on google about it, so I thought I should still let you know. Just in case

Thank you! :)

  1. Support Staff 1 Posted by kerrizor on 08 Sep, 2018 03:29 AM

    kerrizor's Avatar

    Thanks for letting us know. The gem has been removed.

  2. kerrizor closed this discussion on 08 Sep, 2018 03:29 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac