Cryptojacking software has been found in 11 code libraries for the programming language Ruby—exposing thousands of people.
The latest heist,discovered yesterday on code repository Github made use of a package manager called RubyGems, a popular program that allows developers to upload and share improvements on existing pieces of software.
The hackers hid their code in 11 popular libraries on RubyGems by downloading the software, infecting them with malware, then re-uploading them to RubyGems under new names. The infected libraries were downloaded over three and a half thousand times.
Five of the eleven libraries were specifically related to crypto, with names such as doge_coin, coin_base, and blockchain_wallet, and were downloaded over a thousand times.
Out of these, coin_base and blockchain_wallet were downloaded the most. Infected versions of coin_base were downloaded 424 times since July 9th, and blockchain_wallet was downloaded 423 times since July 10th, when the libraries were first uploaded.
Cryptojacking software is designed to illicitly mine cryptocurrencies on the unsuspecting user’s computer and send them back to the mastermind of the operation. Traditionally, Monero is the favored cryptocurrency as its anonymous.
The RubyGems hack is the latest in a slew of crypto-mining hacks. Just last week, Varonis Security Researchdiscovered a new type of crypto-mining malware—which for some reason they called “Norman”—running on a company’s computer systems for over a year.
A recentreport by Check Point Security noted that while cryptojacking is still popular, it’s on the decline. In the first half of last year, 42 percent of organizations worldwide had been infected by crypto-miners at some point. For the same period this year, just 26 percent.
Check Point says that the fall is probably down to the closure of crypto-jacking service Coinhive, which shut its doors in February. Now, crypto-jackers are looking to exploit cloud computing systems, which crypto-jacker researcher Troy Mursch says are the real moneymakers.