RubyGems and PyPI Under Siege: Discovery of Malicious Packages
A recent investigation has unveiled a series of 60 malicious packages infiltrating the RubyGems ecosystem. These packages masquerade as innocent automation tools for social media, blogging, or messaging services, aiming to steal user credentials for potential resale on dark web platforms like Russian Market.
Threat Actor Activity Since March 2023
According to software supply chain security firm Socket, the malicious activity has been ongoing since at least March 2023. These nefarious packages have amassed over 275,000 downloads. However, this figure does not necessarily indicate the actual number of compromised systems, as not all downloads lead to execution, and multiple downloads may occur on a single device.
Security researcher Kirill Boychenko identified a threat actor using aliases such as zon, nowon, kwonsoonje, and soonje. This actor has deployed 60 deceptive gems, posing as automation tools for popular platforms like Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver.
Covert Credential Theft
While the gems provide the promised functionality, such as bulk posting or engagement, they also contain hidden capabilities to extract usernames and passwords. This is achieved through a simple graphical user interface prompting users to enter their credentials, which are then sent to an external server controlled by the attacker.
Impact on Financial Platforms and Grey-Hat Marketers
Some gems, like njongto_duo and jongmogtolon, target financial discussion platforms. These libraries are promoted as tools for spamming investment-related forums with stock mentions and synthetic engagement, aiming to manipulate public perception.
The servers receiving the stolen information include programzon[.]com, appspace[.]kr, and marketingduo[.]co[.]kr. These domains offer bulk messaging, phone number scraping, and automated social media tools.
Victims are likely grey-hat marketers who use such tools for spam, search engine optimization (SEO), and engagement campaigns to artificially boost visibility.
Socket noted, “Each gem functions as a Windows-targeting infostealer, primarily (but not exclusively) aimed at South Korean users, as evidenced by Korean-language UIs and exfiltration to .kr domains.” This campaign’s evolution suggests a mature and persistent operation.
By embedding credential theft functionality within gems marketed to automation-focused grey-hat users, the threat actor covertly captures sensitive data while blending into seemingly legitimate activities.
PyPI Faces Typosquatting Threats
In a related development, GitLab detected multiple typosquatting packages on the Python Package Index (PyPI), designed to steal cryptocurrency from Bittensor wallets by hijacking legitimate staking functions. The packages imitating bittensor and bittensor-cli include:
- bitensor (versions 9.9.4 and 9.9.5)
- bittenso-cli (version 9.9.4)
- qbittensor (version 9.9.4)
- bittenso (version 9.9.5)
GitLab’s Vulnerability Research team highlighted that attackers specifically targeted staking operations. By hiding malicious code within legitimate-looking staking functionality, they exploited both the technical requirements and user psychology inherent in routine blockchain operations.
Enhanced Security Measures for PyPI
These disclosures coincide with new restrictions introduced by PyPI maintainers to protect Python package installers from confusion attacks arising from ZIP parser implementations. PyPI will reject Python package “wheels” (ZIP archives) that attempt to smuggle malicious payloads past manual reviews and automated detection tools.
Seth Michael Larson from the Python Software Foundation explained, “This has been done in response to the discovery that the popular installer uv has a different extraction behavior than many Python-based installers that use the ZIP parser implementation provided by the zipfile standard library module.”
PyPI credited Caleb Brown from the Google Open Source Security Team and Tim Hatch from Netflix for reporting the issue. It will also warn users when they publish wheels whose ZIP contents don’t match the included RECORD metadata file.
“After 6 months of warnings, on February 1st, 2026, PyPI will begin rejecting newly uploaded wheels whose ZIP contents don’t match the included RECORD metadata file,” Larson added.
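The RECORD consistency check described above can be reproduced locally before installing or mirroring a wheel. The following is an added example, not code from PyPI, uv, or any installer. The package name demo-1.0 and the function names are assumptions, the sample wheels are constructed in memory, and the audit covers only the entries that Python's zipfile module reports.

```python
import base64, csv, hashlib, io, warnings, zipfile
from collections import Counter

def _digest(data: bytes) -> str:
    # RECORD hash format: sha256=<urlsafe base64 with padding stripped>
    raw = hashlib.sha256(data).digest()
    return "sha256=" + base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def audit_wheel(wheel: bytes) -> dict:
    """Compare a wheel's ZIP entries with its RECORD file and return discrepancies."""
    zf = zipfile.ZipFile(io.BytesIO(wheel))
    infos = [i for i in zf.infolist() if not i.is_dir()]
    names = [i.filename for i in infos]
    record_paths = {n for n in names if n.endswith(".dist-info/RECORD")}
    if len(record_paths) != 1:
        raise ValueError("expected exactly one RECORD file")
    rows = csv.reader(io.StringIO(zf.read(record_paths.pop()).decode("utf-8")))
    recorded = {row[0]: row[1] for row in rows if row}
    # Hash every entry individually (by ZipInfo), so a duplicate-named
    # second copy is checked too, not just the one zipfile would extract.
    bad_hash = {i.filename for i in infos
                if recorded.get(i.filename) and _digest(zf.read(i)) != recorded[i.filename]}
    return {
        "duplicates": sorted(n for n, c in Counter(names).items() if c > 1),
        "unlisted": sorted(set(names) - set(recorded)),   # in ZIP, not in RECORD
        "missing": sorted(set(recorded) - set(names)),    # in RECORD, not in ZIP
        "hash_mismatch": sorted(bad_hash),
    }

def build_wheel(files: dict, extra=()) -> bytes:
    """Constructed sample: tiny in-memory wheel; `extra` entries bypass RECORD."""
    rec = "demo-1.0.dist-info/RECORD"  # assumed package name
    lines = [f"{n},{_digest(d)},{len(d)}" for n, d in files.items()] + [f"{rec},,"]
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns when a name is duplicated
        with zipfile.ZipFile(buf, "w") as zf:
            for n, d in files.items():
                zf.writestr(n, d)
            zf.writestr(rec, "\n".join(lines) + "\n")
            for n, d in extra:
                zf.writestr(n, d)
    return buf.getvalue()

if __name__ == "__main__":
    base = {"demo/__init__.py": b"x = 1\n"}
    print(audit_wheel(build_wheel(base)))
    print(audit_wheel(build_wheel(base, extra=[("demo/__init__.py", b"x = 2\n"),
                                               ("demo/hidden.py", b"pass\n")])))
```

A wheel that reports any non-empty list here has contents that disagree with its own metadata and should be held back for manual inspection.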
For more information, visit the source link: https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html