Attackers Abuse RubyGems for Data Storage, Raising Security Concerns
A new campaign is abusing the RubyGems package registry as a 'dead drop': a place to park data pulled from other systems rather than a channel for delivering malware. Security vendor Socket, which named the campaign 'GemStuffer', reports more than 100 published gems that use RubyGems purely as a data transport. The gems carry repetitive, self-contained payloads that fetch public data from UK local government portals and store it back on RubyGems. No command-and-control server is involved, which sets the campaign apart from the usual malicious-package playbook and also means there is no C2 traffic to block; the observable signal is on the registry side, in clusters of near-identical gems whose payloads carry data rather than useful code. The full scope and intent of the campaign remain unclear, but it shows a package repository being used as free, trusted storage rather than as a malware delivery vector.
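A registry-side triage heuristic for this pattern, added here as an illustration; it is not code from Socket or from the GemStuffer report. It assumes you have fetched and unpacked the gems you want to look at (for example with `gem fetch` and `gem unpack`) and have their Ruby source as strings. It flags the three traits the report describes, generalised into checks a scanner can run over any publisher's gems: a file that is mostly one embedded data literal, code that both fetches from the network and pushes to RubyGems, and groups of gems whose code is near-identical once the embedded data is ignored. The thresholds, regexes, marker patterns and sample gem sources are all constructed for this example.

```ruby
require 'set'

# Heuristic scanner for "dead drop" gems: packages whose Ruby source is mostly
# embedded data, and whose code fetches from the network and publishes back to
# the registry. Thresholds and patterns are this example's assumptions, not
# indicators published by Socket for GemStuffer.
module DeadDropScan
  BLOB_MIN_BYTES = 512          # a literal this long counts as a data blob
  BLOB_RATIO_THRESHOLD = 0.5    # blob bytes / file bytes that marks a carrier gem
  DUPLICATE_THRESHOLD = 0.8     # Jaccard similarity that marks near-duplicate gems

  # Double- or single-quoted string literals (backslash escapes allowed inside).
  QUOTED_RE = /"((?:[^"\\]|\\.)*)"|'((?:[^'\\]|\\.)*)'/m
  # Heredocs with an upper-case tag: <<~TAG / <<-TAG / <<TAG ... TAG.
  HEREDOC_RE = /<<[~-]?(['"]?)([A-Z_][A-Z0-9_]*)\1[^\n]*\n(.*?)\n[ \t]*\2\b/m

  # Markers of the fetch-and-republish behaviour (assumed, not from the report).
  FETCH_PATTERNS   = [/Net::HTTP/, /open-uri/, /URI\.open/].freeze
  PUBLISH_PATTERNS = [/gem\s+push/, /Gem::Commands::PushCommand/, %r{/api/v1/gems}].freeze

  # Total bytes held in long string literals and heredocs.
  def self.blob_bytes(source)
    bytes = 0
    rest = source.gsub(HEREDOC_RE) do
      bytes += $3.bytesize if $3.bytesize >= BLOB_MIN_BYTES
      ''
    end
    rest.scan(QUOTED_RE) do |dq, sq|
      body = dq || sq
      bytes += body.bytesize if body.bytesize >= BLOB_MIN_BYTES
    end
    bytes
  end

  def self.blob_ratio(source)
    return 0.0 if source.empty?
    blob_bytes(source).to_f / source.bytesize
  end

  # Source with every long literal collapsed to a placeholder, so gems that
  # differ only in the data they carry compare as near-identical code.
  def self.skeleton(source)
    source
      .gsub(HEREDOC_RE) { |m| $3.bytesize >= BLOB_MIN_BYTES ? '__BLOB__' : m }
      .gsub(QUOTED_RE) { |m| m.bytesize - 2 >= BLOB_MIN_BYTES ? '__BLOB__' : m }
  end

  def self.tokens(source)
    skeleton(source).scan(/\w+/).to_set
  end

  # Jaccard similarity of two gems' code skeletons.
  def self.similarity(a, b)
    ta, tb = tokens(a), tokens(b)
    union = ta | tb
    return 1.0 if union.empty?
    (ta & tb).size.to_f / union.size
  end

  # Per-gem verdict: a carrier gem is mostly data, or it both fetches and publishes.
  def self.assess(source)
    ratio = blob_ratio(source)
    fetch = FETCH_PATTERNS.any? { |re| source.match?(re) }
    publish = PUBLISH_PATTERNS.any? { |re| source.match?(re) }
    { blob_ratio: ratio.round(3), fetches: fetch, publishes: publish,
      suspicious: ratio >= BLOB_RATIO_THRESHOLD || (fetch && publish) }
  end

  # Pairs of gem names (from a name => source hash) whose code is near-identical.
  def self.near_duplicates(gems)
    gems.keys.combination(2).select { |a, b| similarity(gems[a], gems[b]) >= DUPLICATE_THRESHOLD }
  end
end

# Constructed sample gem sources (not real packages): two hypothetical carrier
# gems that differ only in their embedded data, plus one ordinary library.
def carrier_gem(name, data)
  <<~RUBY
    require "net/http"
    module #{name.capitalize}
      VERSION = "0.0.1"
      PAYLOAD = "#{data}"
      def self.run
        body = Net::HTTP.get(URI("https://example.invalid/open-data.json"))
        File.write("payload.txt", body)
        system("gem push #{name}-0.0.2.gem")
      end
    end
  RUBY
end

SAMPLE_GEMS = {
  'tidy' => <<~RUBY,
    module Tidy
      VERSION = "0.1.0"
      def self.squish(str)
        str.gsub(/\\s+/, " ").strip
      end
    end
  RUBY
  'drop0001' => carrier_gem('drop0001', 'A' * 2048),
  'drop0002' => carrier_gem('drop0002', 'B' * 1800),
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_GEMS.each { |name, src| puts "#{name}: #{DeadDropScan.assess(src)}" }
  puts "near-duplicates: #{DeadDropScan.near_duplicates(SAMPLE_GEMS).inspect}"
end
```

The blob ratio catches a single gem that is really a data container; the fetch-plus-publish check catches the transport logic even when the data is small; and the skeleton similarity is what surfaces a campaign of many gems, because it strips the data that makes each upload look different and compares only the code that moves it. Tune the thresholds against a sample of legitimate gems before alerting on them, since gems that legitimately bundle fixtures or vendored assets will score high on the blob ratio alone.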