A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users.
The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively, the gems have been downloaded more than 275,000 times.
That said, it bears noting that the figure may not accurately represent the actual number of compromised systems, as not every download results in execution, and it’s possible several of these gems have been downloaded to a single machine.
“Since at least March 2023, a threat actor using the aliases zon, nowon, kwonsoonje, and soonje has published 60 malicious gems posing as automation tools for Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver,” security researcher Kirill Boychenko said.
While the identified gems offered the promised functionality, such as bulk posting or engagement, they also harbored covert functionality to exfiltrate usernames and passwords to an external server under the threat actor’s control by displaying a simple graphical user interface to enter users’ credentials.
Some of the gems, such as njongto_duo and jongmogtolon, are notable for focusing on financial discussion platforms, with the libraries marketed as tools to flood investment-related forums with ticker mentions, stock narratives, and synthetic engagement to amplify visibility and manipulate public perception.
The servers that are used to receive the captured information include programzon[.]com, appspace[.]kr, and marketingduo[.]co[.]kr. These domains have been found to advertise bulk messaging, phone number scraping, and automated social media tools.
Victims of the campaign are likely to be grey-hat marketers who rely on such tools to run spam, search engine optimization (SEO), and engagement campaigns that artificially boost engagement.
“Each gem functions as a Windows-targeting infostealer, primarily (but not exclusively) aimed at South Korean users, as evidenced by Korean-language UIs and exfiltration to .kr domains,” Socket said. “The campaign evolved across multiple aliases and infrastructure waves, suggesting a mature and persistent operation.”
“By embedding credential theft functionality within gems marketed to automation-focused grey-hat users, the threat actor covertly captures sensitive data while blending into activity that appears legitimate.”
The development comes as GitLab detected multiple typosquatting packages on the Python Package Index (PyPI) that are designed to steal cryptocurrency from Bittensor wallets by hijacking the legitimate staking functions. The names of the Python libraries, which mimic bittensor and bittensor-cli, are below –
- bitensor (versions 9.9.4 and 9.9.5)
- bittenso-cli
- qbittensor
- bittenso
“The attackers appear to have specifically targeted staking operations for calculated reasons,” GitLab’s Vulnerability Research team said. “By hiding malicious code within legitimate-looking staking functionality, the attackers exploited both the technical requirements and user psychology of routine blockchain operations.”
The disclosure also follows new restrictions imposed by PyPI maintainers to secure Python package installers and inspectors from confusion attacks arising from ZIP parser implementations.
Put differently, PyPI said it will reject Python packages “wheels” (which are nothing but ZIP archives) that attempt to exploit ZIP confusion attacks and smuggle malicious payloads past manual reviews and automated detection tools.
“This has been done in response to the discovery that the popular installer uv has a different extraction behavior to many Python-based installers that use the ZIP parser implementation provided by the zipfile standard library module,” the Python Software Foundation’s (PSF) Seth Michael Larson said.
PyPI credited Caleb Brown from the Google Open Source Security Team and Tim Hatch from Netflix for reporting the issue. It also said it will warn users when they publish wheels whose ZIP contents don’t match the included RECORD metadata file.
“After 6 months of warnings, on February 1st, 2026, PyPI will begin rejecting newly uploaded wheels whose ZIP contents don’t match the included RECORD metadata file,” Larsen said.
