The open-source software landscape recently faced a serious wave of supply chain attacks, impacting two of its most widely used repositories: RubyGems and the Python Package Index (PyPI). These incidents have resulted in significant theft of credentials and cryptocurrency, raising new concerns and prompting urgent security reforms within these ecosystems.
Malicious Activity on RubyGems
Since March 2023, security researchers have discovered at least 60 malicious packages uploaded to RubyGems. Operated by a threat actor using multiple aliases, including zon, nowon, kwonsoonje, and soonje, these packages masqueraded as automation tools for popular platforms such as Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver. While promising legitimate automation features like bulk posting and increased user engagement, the packages covertly harvested tokens, usernames, and passwords via graphical user interfaces.
The credentials gathered were quietly exfiltrated to attacker-controlled servers, mostly hosted on South Korean domains. The malicious packages were widely downloaded—over 275,000 times—although not every installation resulted in compromised systems. Notably, the main victims appear to be grey-hat marketers, many operating in South Korea, who use automation tools for social media spam, SEO manipulation, and similar activities. Some packages, such as “njongto_duo” and “jongmogtolon,” specifically targeted investment forums, attempting to influence market sentiment through compromised accounts.
PyPI: Cryptocurrency Theft via Typosquatting
PyPI faced its own set of attacks, with threat actors leveraging typosquatting—a tactic where malicious packages closely mimic the names of legitimate ones. The perpetrators targeted packages related to the Bittensor cryptocurrency staking ecosystem, such as “bitensor,” “bittenso-cli,” “qbittensor,” and “bittenso.” These fraudulent packages incorporated code capable of covertly stealing cryptocurrency by hijacking staking routines, posing considerable risks to users unknowingly installing them.
Security Reforms and Policy Changes
The attacks on PyPI exploited inconsistencies in how different Python installers parsed package files, specifically wheels, which are packaged as ZIP archives. Attackers used these parser discrepancies, known as ZIP confusion attacks, to bypass security controls and deliver malicious content. In response, PyPI is instituting a new policy: after a six-month warning period, the platform will reject wheels whose contents do not match their required metadata. Full enforcement is scheduled to begin February 1, 2026, at which point non-compliant packages will be blocked from upload entirely.
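To make the metadata-versus-contents check concrete, here is an added example (not PyPI's or any installer's code) that builds a small wheel-like ZIP in memory and then verifies the invariants an installer relies on: every archive member appears in RECORD, each RECORD hash matches the bytes actually stored, and no filename occurs twice in the archive. The RECORD line format, `path,sha256=<unpadded base64url digest>,size`, is the one defined by the wheel specification (PEP 427); the package name, file contents and tampered entries are constructed, and a real wheel carries further files (WHEEL, METADATA) that this toy does not model.

```python
"""Verify that a wheel's archive members agree with its RECORD metadata.

Added example, not from the article, PyPI or pip. build_wheel() constructs a
toy archive (sample data); verify_wheel() is the consistency check.
"""
import base64
import csv
import hashlib
import io
import zipfile

DIST_INFO = "demo_pkg-1.0.dist-info"  # constructed package name
GOOD_FILES = {                         # constructed contents
    "demo_pkg/__init__.py": b"VERSION = '1.0'\n",
    f"{DIST_INFO}/METADATA": b"Metadata-Version: 2.1\nName: demo_pkg\nVersion: 1.0\n",
}


def record_hash(data: bytes) -> str:
    """sha256 digest as unpadded URL-safe base64, the encoding RECORD uses."""
    return base64.urlsafe_b64encode(hashlib.sha256(data).digest()).rstrip(b"=").decode()


def build_wheel(files: dict, dist_info: str, extra_entries=()) -> bytes:
    """Write `files` plus a RECORD describing them. `extra_entries` are (name, bytes)
    pairs appended AFTER RECORD is generated, so they model content RECORD does not
    account for, including a second entry reusing an existing filename."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        lines = []
        for name, data in files.items():
            zf.writestr(name, data)
            lines.append(f"{name},sha256={record_hash(data)},{len(data)}")
        record_path = f"{dist_info}/RECORD"
        lines.append(f"{record_path},,")  # RECORD lists itself without a hash
        zf.writestr(record_path, "\n".join(lines) + "\n")
        for name, data in extra_entries:
            zf.writestr(name, data)  # zipfile warns on duplicates but allows them
    return buf.getvalue()


def verify_wheel(wheel_bytes: bytes) -> list:
    """Return a sorted list of problems; an empty list means archive and RECORD agree."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = [info.filename for info in zf.infolist()]  # includes duplicates
        # 1. Duplicate member names: ZIP readers disagree on which copy wins
        #    (Python's zipfile keeps the last one), so reject them outright.
        for name in sorted({n for n in names if names.count(n) > 1}):
            problems.append(f"duplicate entry: {name}")
        record_names = [n for n in set(names) if n.endswith(".dist-info/RECORD")]
        if len(record_names) != 1:
            problems.append(f"expected exactly one RECORD, found {len(record_names)}")
            return sorted(problems)
        record_path = record_names[0]
        expected = {}
        for row in csv.reader(io.StringIO(zf.read(record_path).decode("utf-8"))):
            if row:
                expected[row[0]] = row[1] if len(row) > 1 else ""
        # 2. Every archive member must be listed in RECORD ...
        for name in sorted(set(names)):
            if name not in expected:
                problems.append(f"not in RECORD: {name}")
        # 3. ... and every RECORD entry must exist and hash to the recorded value.
        for path, digest in expected.items():
            if path == record_path:
                continue
            if path not in zf.NameToInfo:
                problems.append(f"listed in RECORD but missing: {path}")
                continue
            algo, _, value = digest.partition("=")
            if algo != "sha256" or not value:
                problems.append(f"no usable sha256 for {path}")
                continue
            if record_hash(zf.read(path)) != value:
                problems.append(f"hash mismatch: {path}")
    return sorted(problems)


def demo():
    """Run the check on a clean archive and on one with smuggled content."""
    clean = build_wheel(GOOD_FILES, DIST_INFO)
    tampered = build_wheel(GOOD_FILES, DIST_INFO, extra_entries=[
        ("demo_pkg/__init__.py", b"import os\n"),   # second copy, different bytes
        ("demo_pkg/extra.py", b"x = 1\n"),          # never recorded
    ])
    return verify_wheel(clean), verify_wheel(tampered)


if __name__ == "__main__":
    clean_problems, tampered_problems = demo()
    print("clean:", clean_problems or "OK")
    print("tampered:", *tampered_problems, sep="\n  ")
```

The check is deliberately strict in one direction: an archive that contains anything RECORD does not describe fails, even if every recorded hash is correct, because "extra" members are exactly what a parser-confusion payload looks like to the metadata.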