Malicious RubyGems and PyPI Packages Are Stealing Credentials and Crypto: What Happened and How to Protect Yourself
If you’ve ever installed a “quick automation” gem or Python package to speed up social media posting or crypto staking, this one’s for you. Security researchers just uncovered dozens of malicious RubyGems targeting marketers and growth hackers, quietly exfiltrating usernames and passwords. At the same time, typosquatted packages on PyPI went after Bittensor wallets by…