An Interest In:
Web News this Week
- April 4, 2024
- April 3, 2024
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
Some of Our Sources
- Slashdot
- Mashable
- Smashing Magazine
- My Ink Blog
- Wal You
- CSS Tricks
- Freelance Switch
- Daily Now
- Dev To
- The Verge
Help Webnuz
Referal links:
December 20, 2020 12:34 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/J8Q3N-QevQw/rubygems-catches-two-packages-trying-to-steal-cryptocurrency-with-clipboard-hijacking
RubyGems Catches Two Packages Trying to Steal Cryptocurrency with Clipboard Hijacking
One day after they were uploaded, RubyGems discovered and removed two malicious packages that had been designed to steal cryptocurrency from unsuspecting users by installing a clipboard hijacker, reports Bleeping Computer, citing research by open-source security firm Sonatype. Fortunately, while the packages were downloaded a total of 142 times, "At this time, none of the cryptocurrency addresses have received any funds."These packages were masquerading as a bitcoin library and a library for displaying strings with different color effects. A clipboard hijacker monitored the Windows clipboard for cryptocurrency addresses, and if one is detected, replaces it with an address under the attacker's control. Unless a user double-checks the address after they paste it, the sent coins will go to the attacker's cryptocurrency address instead of the intended recipient... The base64 encoded string is a VBS file that is executed to create another malicious VBS file and configure it to start automatically when a user logs into Windows. This VBS script is the clipboard hijacker and is stored at C:\ProgramData\Microsoft Essentials\Software Essentials.vbs to impersonate the old Microsoft Security Essentials security software. The clipboard hijacking script monitors the Windows clipboard every second and check if it contains a Bitcoin address, an Ethereum address, or a raw Monero address.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/J8Q3N-QevQw/rubygems-catches-two-packages-trying-to-steal-cryptocurrency-with-clipboard-hijacking
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot