据外媒报道，RubyGems 维护人员移除了18个包含后门机制的恶意版本的Ruby库，如果剔除同一库的不同版本，那么包含后门机制的Ruby库有11个。据悉，这些 Ruby 库被攻击者破解并恶意植入了后门代码，可在其他人启用的 Ruby 项目中开展隐匿的加密货币挖掘任务。

恶意代码是在流行Ruby库rest-client的四个版本中首次发现的，荷兰Ruby开发人员Jan Dintel分析称：“rest-client中发现的恶意代码会收集受攻击系统的URL和环境变量，发送到乌克兰的远程服务器。根据用户设置，可能会包括用户的服务使用凭证，例如数据库、支付服务提供商等。”

另外，代码还包含一个后门机制，允许攻击者将cookie文件发送回受攻击的项目，并执行恶意命令。

据了解，这些恶意代码已经存在了一个多月未被他人发现，在恶意库版本被RubyGems移除之前，已经累积了3584次下载。官方建议如果项目开发者使用了这些库，一定要采取相应的升级或降级措施，使用相对安全的版本。

发现后门代码的Ruby库列表：

rest-client: 1.6.10 (downloaded 176 times since August 13, 2019), 1.6.11 (downloaded 2 times since August 14, 2019), 1.6.12 (downloaded 3 times since August 14, 2019), and 1.6.13 (downloaded 1,061 times since August 14, 2019)
bitcoin_vanity: 4.3.3 (downloaded 8 times since May 12, 2019 )
lita_coin: 0.0.3 (downloaded 210 times since July 17, 2019)
coming-soon: 0.2.8 (downloaded 211 times since July 17, 2019)
omniauth_amazon: 1.0.1 (downloaded 193 times since July 26, 2019)
cron_parser: 0.1.4 (downloaded 2 times since July 8, 2019), 1.0.12 (downloaded 3 times since July 8, 2019), and 1.0.13 (downloaded 248 times since July 8, 2019)
coin_base: 4.2.1 (downloaded 206 times since July 9, 2019) and 4.2.2 (downloaded 218 times since July 16, 2019)
blockchain_wallet: 0.0.6 (downloaded 201 times since July 10, 2019) and 0.0.7 (downloaded 222 times since July 16, 2019)
awesome-bot: 1.18.0 (downloaded 232 times since July 15, 2019)
doge-coin: 1.0.2 (downloaded 213 times since July 17, 2019)
capistrano-colors: 0.5.5 (downloaded 175 times since August 1, 2019)

RubyGems 维护人员在 11 个 Ruby 库中发现了后门代码