News

In Ruby password checking library discovered a backdoor

Developer Tute Costa found a backdoor in the Ruby library “strong_password”, with which attackers could execute any code in applications containing this library.

As Costa found out, malicious code checked in which environment the library is located – in test or production. If in production, the code downloaded from Pastebin an additional malicious module that serves as a backdoor in applications or on web sites that use the strong_password library.

“In a loop within a new thread, after waiting for a random number of seconds up to about an hour, it fetches and runs the code stored in a pastebin.com, only if running in production, with an empty exception handling that ignores any error it may raise”, — reported Tute Costa.

Tute Costa
The backdoor sent the URL of each infected site to smiley.zzz.com.ua, and waited for instructions that it received in the form of packed cookies.

Having discovered the problem, Costa made an attempt to contact the real owner of the library, but it turned out that the developer’s RubyGems account was intercepted by an intruder. In this account, the hacker posted a malicious version of “strong_password” 0.0.7, containing a backdoor. According to RubyGems statistics, the malicious version was downloaded 537 times.

Costa told the owner of the library and the RubyGems security service about the find. The malicious version was removed from the repository within a week after the download.

A similar incident happened in April of this year, when a hacker crashed into the Bootstrap-Sass Ruby library with an almost identical backdoor deployment mechanism.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Re-captha-version-4-21.buzz Pop-up Ads

About Re-captha-version-4-21.buzz Re-captha-version-4-21.buzz pop-ups can not launch out of the blue. If you have actually…

6 hours ago

Remove Eliteadblocker.net Pop-up Ads

About Eliteadblocker.net Eliteadblocker.net pop-ups can not expose out of the blue. If you have clicked…

11 hours ago

Remove News-xzexivu.info Pop-up Ads

About News-xzexivu.info News-xzexivu.info pop-ups can not introduce out of the blue. If you have actually…

13 hours ago

Remove Linkbtrads.top Pop-up Ads

About Linkbtrads.top Linkbtrads.top pop-ups can not expose out of nowhere. If you have actually clicked…

13 hours ago

Remove News-xzekevu.xyz Pop-up Ads

About News-xzekevu.xyz News-xzekevu.xyz pop-ups can not introduce out of the blue. If you have actually…

13 hours ago

Remove News-xzurufo.xyz Pop-up Ads

About News-xzurufo.xyz News-xzurufo.xyz pop-ups can not introduce out of the blue. If you have clicked…

13 hours ago