<style>/*<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=0a5d67cf-68cc-4d02-8f9d-1cd27b54686d' media='none' onload='if(media!='all')media='all'' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=5925999397593177003&zx=0a5d67cf-68cc-4d02-8f9d-1cd27b54686d' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2460228594947362&host=ca-host-pub-1556223355139109" crossorigin="anonymous"></script>

<!-- data-ad-client=ca-pub-2460228594947362 -->

</head><body>*/</style>

Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials

Sp123

8 Aug, 2025

Socket’s Threat Research Team has exposed a persistent campaign involving over 60 malicious RubyGems packages that masquerade as automation tools for platforms like Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver. Active since at least March 2023, the threat actor operating under aliases such as zon, nowon, kwonsoonje, and soonje has deployed these gems to […]

Introduction to Malware Binary Triage (IMBT) Course

Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.

The post Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Article Link: https://gbhackers.com/over-60-malicious-rubygems-packages-used/

1 post - 1 participant

Read full topic

Malware Analysis, News and Indicators - Latest topics

Sp123

"The real threat is actually not when the computer begins to think like a human, but when humans begin to think like computers."

<style>/*
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/2422103421-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY4tPdJ1vutUFK0Z4dBbJU5TwKX0Kg:1754929530523';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d5925999397593177003','//www.sharitsec.eu.org/2025/08/over-60-malicious-rubygems-packages.html','5925999397593177003');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '5925999397593177003', 'title': 'SharITSec', 'url': 'https://www.sharitsec.eu.org/2025/08/over-60-malicious-rubygems-packages.html', 'canonicalUrl': 'https://www.sharitsec.eu.org/2025/08/over-60-malicious-rubygems-packages.html', 'homepageUrl': 'https://www.sharitsec.eu.org/', 'searchUrl': 'https://www.sharitsec.eu.org/search', 'canonicalHomepageUrl': 'https://www.sharitsec.eu.org/', 'blogspotFaviconUrl': 'https://www.sharitsec.eu.org/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': '', 'encoding': 'UTF-8', 'locale': 'en-GB', 'localeUnderscoreDelimited': 'en_gb', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22SharITSec - RSS\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/5925999397593177003/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22SharITSec - Atom\x22 href\x3d\x22https://www.sharitsec.eu.org/feeds/8384977589419074058/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-2460228594947362', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': true, 'adsenseAutoAds': true, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/b6b17ca9b3955939', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'X', 'key': 'twitter', 'shareMessage': 'Share to X', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en_GB\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '8384977589419074058', 'pageName': 'Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials', 'pageTitle': 'SharITSec: Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard', 'ok': 'Ok', 'postLink': 'Post link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials', 'description': 'Welcome to the website \x22sharitsec.eu.org\x22 a gathering place for information and learning news about hacking.', 'url': 'https://www.sharitsec.eu.org/2025/08/over-60-malicious-rubygems-packages.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 8384977589419074058}}, {'name': 'widgets', 'data': [{'title': 'Pagination', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML8'}, {'title': 'Template License', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML7'}, {'title': 'Popular', 'type': 'PopularPosts', 'sectionId': 'upload-image', 'id': 'PopularPosts1', 'posts': [{'title': 'Watsonville Community Hospital still dealing with November cyberattack', 'id': 4249868630988636198}, {'title': 'Top 10 Deep Web and Dark Web Forums', 'id': 1342649630186364928}, {'title': 'Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats', 'id': 2179226234578764036}]}, {'title': 'Your Css', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML9'}, {'title': 'About Me', 'type': 'Profile', 'sectionId': 'upload-image', 'id': 'Profile1'}, {'title': 'Your Javascript', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML6'}, {'title': 'Google analytics', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML5'}, {'title': 'Navbar Menu', 'type': 'HTML', 'sectionId': 'upload-image', 'id': 'HTML2'}, {'title': 'Icons, Dark, Search', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList10'}, {'title': 'Menu', 'type': 'LinkList', 'sectionId': 'header-main', 'id': 'LinkList11'}, {'title': 'Featured Post', 'type': 'FeaturedPost', 'sectionId': 'before-blog', 'id': 'FeaturedPost1', 'postId': '1291471112482897295'}, {'title': 'Blog Posts', 'type': 'Blog', 'sectionId': 'blog-post', 'id': 'Blog1', 'posts': [{'id': '8384977589419074058', 'title': 'Over 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing Credentials', 'showInlineAds': false}], 'headerByline': {'regionName': 'header1', 'items': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}]}, 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'comments', 'label': 'Comment'}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Labels:'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Posted by'}, {'name': 'timestamp', 'label': 'd MMM, yyyy'}, {'name': 'share', 'label': ''}, {'name': 'comments', 'label': 'Comment'}, {'name': 'labels', 'label': 'Labels:'}]}, {'title': '#You may also like', 'type': 'HTML', 'sectionId': 'ads-post', 'id': 'HTML15'}, {'title': 'Popular Posts', 'type': 'PopularPosts', 'sectionId': 'sidebar-static', 'id': 'PopularPosts10', 'posts': [{'title': 'Watsonville Community Hospital still dealing with November cyberattack', 'id': 4249868630988636198}, {'title': 'Top 10 Deep Web and Dark Web Forums', 'id': 1342649630186364928}, {'title': 'Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats', 'id': 2179226234578764036}, {'title': 'Gamified Learning: Using Capture the Flag Challenges to Supplement Cybersecurity Training [Guest Diary], (Sun, Mar 17th)', 'id': 7660912359745102355}, {'title': 'Reversing PyInstaller #python #pyinstaller #reverseengineering #shorts', 'id': 103116772806925785}]}, {'title': 'Archive', 'type': 'BlogArchive', 'sectionId': 'sidebar-static', 'id': 'BlogArchive10'}, {'title': '#Recent Post', 'type': 'HTML', 'sectionId': 'sidebar-static', 'id': 'HTML19'}, {'title': 'Copyright', 'type': 'HTML', 'sectionId': 'copyright', 'id': 'HTML23'}, {'title': 'SVG Icons', 'type': 'HTML', 'sectionId': 'jet-options', 'id': 'HTML24'}]}]);
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML8', 'upload-image', document.getElementById('HTML8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'upload-image', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts1', 'upload-image', document.getElementById('PopularPosts1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML9', 'upload-image', document.getElementById('HTML9'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ProfileView', new _WidgetInfo('Profile1', 'upload-image', document.getElementById('Profile1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML6', 'upload-image', document.getElementById('HTML6'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML5', 'upload-image', document.getElementById('HTML5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'upload-image', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList10', 'header-main', document.getElementById('LinkList10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList11', 'header-main', document.getElementById('LinkList11'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_FeaturedPostView', new _WidgetInfo('FeaturedPost1', 'before-blog', document.getElementById('FeaturedPost1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'blog-post', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/2896401746-lbx__en_gb.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/123180807-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML15', 'ads-post', document.getElementById('HTML15'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PopularPostsView', new _WidgetInfo('PopularPosts10', 'sidebar-static', document.getElementById('PopularPosts10'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive10', 'sidebar-static', document.getElementById('BlogArchive10'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML19', 'sidebar-static', document.getElementById('HTML19'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML23', 'copyright', document.getElementById('HTML23'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML24', 'jet-options', document.getElementById('HTML24'), {}, 'displayModeFull'));
</script>
</body>*/</style>