I found the author shaggy has uploaded 23 malicious packages. Please remove this author and all his packages!
These packages fall mainly into two categories: crypto mining (e.g. aloha_analyser, get-text) and cookie/password stealing (e.g. chrome_taker, color_hacker). The crypto mining ones contain the same payload as /tmp/rc9 in the report.
@sonalkr132 - Do you have a list of all of the affected gems that were yanked? I know your wiki page has a running list of gems that were yanked, but the entry for this instance just states that "All gems where shaggy is the owner". I'd like to know the exact gems that were yanked so I can ensure my company's internal RubyGems cache also has these malicious gems pulled.
@kpshek The full list of the packages from shaggy is listed below: chrome_taker, color_hacker, aloha_analyser, get-text, ruby_nmap, get-texts, colourize, colourful, TacoBell, unix_crypt, colour-lib, colour_lib, json_colour, unixCrypt, auto-cron, json-colour, CopyIp, colour_cat, colour-generator, phantom-proxy, colour_adjuster, colour_parser, btc-ruby.
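One way to audit an internal gem cache and project lockfiles against the list above, as an added example that is not part of the original thread or the RubyGems project's code. The helper names, the sample lockfile and the `0.0.0` versions are constructed for illustration.

```ruby
require "set"

# Gem names exactly as listed in the thread above (all 23 gems owned by "shaggy").
YANKED = Set.new(%w[
  chrome_taker color_hacker aloha_analyser get-text ruby_nmap get-texts
  colourize colourful TacoBell unix_crypt colour-lib colour_lib json_colour
  unixCrypt auto-cron json-colour CopyIp colour_cat colour-generator
  phantom-proxy colour_adjuster colour_parser btc-ruby
]).freeze

# Names referenced anywhere in a Gemfile.lock: resolved specs (4-space indent),
# their dependencies (6 spaces) and the DEPENDENCIES section (2 spaces).
def lockfile_hits(lock_text)
  names = lock_text.scan(/^ {2,6}([A-Za-z0-9_.-]+)(?:!?$| \()/).flatten
  names.uniq.select { |name| YANKED.include?(name) }
end

# Cached files are named "<name>-<version>[-<platform>].gem". Gem names may
# contain hyphens, so anchor on each listed name followed by "-<digit>".
def cache_hits(filenames)
  filenames.select do |path|
    base = File.basename(path)
    base.end_with?(".gem") &&
      YANKED.any? { |name| base.match?(/\A#{Regexp.escape(name)}-\d/) }
  end
end

# Constructed sample lockfile; gem versions are placeholders.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      colorize (0.0.0)
      colourize (0.0.0)
      example_app (0.0.0)
        get-text (>= 0.0.0)

  DEPENDENCIES
    colourize
LOCK

if __FILE__ == $PROGRAM_NAME
  puts "lockfile: #{lockfile_hits(SAMPLE_LOCK).inspect}"
  # Assumed cache location; point this at the internal mirror's gem directory.
  puts "cache:    #{cache_hits(Dir.glob('gems/*.gem')).inspect}"
end
```

Matching is exact and case-sensitive, so names close to a listed one but not on the list (such as `colorize` in the sample) are not flagged.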
https://rubygems.org/profiles/shaggy
https://b4d.sablun.org/blog/2019-04-19-ignoring-atlassian-confluence-security-advisories/