Wednesday, August 17, 2022

RubyGems Requires Multi-Factor Authentication

RubyGems, the Ruby package manager, now follows in the footsteps of NPM and PyPI by requiring multi-factor authentication to access Ruby packages.

Starting on August 15, 2022, all RubyGems users whose packages total more than 180 million downloads are required to activate MFA to continue using the Ruby package download service. Maintainers who have exceeded 165 million package downloads will receive a notification prompting them to enable MFA.

The mandatory MFA requirement was prompted by the attacks experienced by NPM and PyPI, which increased by 289% according to an analysis from security firm ReversingLabs. These attacks cause a serious slowdown when NPM and PyPI users install or update required packages.

In what has by now become a recurring theme, researchers from Checkmarx, Kaspersky, and Snyk uncovered a slew of malicious packages in PyPI that could be abused to conduct DDoS attacks and harvest browser passwords as well as Discord and Roblox credentials and payment information.

This is just one of a seemingly endless stream of malware specifically tailored to infect developers' systems with information stealers, potentially enabling the threat actors to identify suitable pivoting points in the compromised environments and deepen their intrusions.
