strong_password - isotope¹³

Incident Summary

strong_password Ruby gem compromised with backdoor code

Similar to the 'rest-client' incident around the same time, the 'strong_password' Ruby gem had a malicious version published. This compromised version contained a backdoor designed to steal environment variables and potentially execute code. It's suspected the same actor compromised both gems.

Date: 2019-08-16 to 2019-08-21
Category: Open Source
Target Surface: Package registry
Insertion Phase: distribution
Impact: Data Exfiltration
Cause: Compromised Account/Credentials

What Was Affected

Package strong_password

LanguageRuby

ComponentLibrary

Artifact typesource archive

Domain typepackage host

Domain rubygems.org

Compromised Versions

0.0.7

Incident Context

Motive: Credential Theft
Attribution: Individual Hacker
Observed Duration: 5 days

Evidence

Compromised Artifacts

Current Artifacts and Analysis

Indicators and Changes

Hashes

sha256:c3a46b979b941ecc456639033754f3bad3f5d379df064d4ccd0b54d0fb8e46ea

External References

github.com/rest-client/rest-client/issues/713

Source Data

Source record: oss/strong_password/meta.yaml