A cryptojacking code was found in 11 open-source code libraries written in Ruby, which have been downloaded thousands of times.

Hackers downloaded the software, infected it with malware, and subsequently reposted it on the RubyGems platform, industry news outlet Decrypt reported on Aug. 21.

The malicious code was first noticed by a GitHub user, who posted about the issue on Aug. 19. He said that, when executed, the library downloaded additional code from text hosting service Pastebin, which then triggered the malicious mining.

The malware also sent the address of the infected host to the attacker, alongside environment variables which may have included credentials.

Some users suggested that RubyGems contributors should enable two-factor authentication on their accounts given that, if compromised, they could be used to infect many systems.

A seemingly targeted attack

Five of the libraries infected were cryptocurrency specific — with names such as doge-coin, bitcoin_vanity, coin_base and blockchain_wallet. Coin_base was downloaded 424 times, and blockchain_wallet was downloaded 423 times.

As Cointelegraph recently reported, cybersecurity company Varonis has discovered a new cryptojacking virus — referred to as “Norman” — which aims to mine the cryptocurrency Monero (XMR) and evade detection.