All news with #rubygems tag

Malicious npm, PyPI and RubyGems Packages Use Discord C2

⚠️ Researchers at a software supply chain security firm found multiple malicious packages across npm, PyPI, and RubyGems that use Discord webhooks as a command-and-control channel to exfiltrate developer secrets. Examples include npm packages that siphon config files and a Ruby gem that sends host files like /etc/passwd to a hard-coded webhook. The investigators warn that webhook-based C2 is cheap, fast, and blends into normal traffic, enabling early-stage compromise via install-time hooks and build scripts. The disclosure also links a large North Korean campaign that published hundreds of malicious packages to deliver stealers and backdoors.