A new batch of 60 harmful packages has been revealed, aimed at the RubyGems ecosystem by masquerading as harmless automation utilities for social media, blogging, or messaging platforms to pilfer credentials from unwary users.
This activity is believed to have been ongoing since at least March 2023, as per the software supply chain security firm Socket. Altogether, the gems have been