The malicious code would check whether the library was being used in a test or production environment. When in production, it would download and run a second payload from Pastebin.com, a text hosting portal. This second payload would create the actual backdoor in the apps and websites that used the strong_password library. The backdoor would send the URL of each infected site to "smiley.zzz.com.ua" and then wait for instructions. In the same way, that site would receive the URL of each backdoor. The instructions were cookie files, which the backdoor mechanism would unpack and execute. Essentially, this mechanism would have enabled the hacker to run any code in an app with the backdoored library.

Developer Tute Costa discovered the backdoor mechanism during the regular security audit he performs before updating the dependencies in the production app. When Costa reached out to the library's real owner, he found that the hacker had managed to replace the real library developer on RubyGems, the main package repository for the Ruby language. There, the hacker created a new version of the strong_password library, version 0.0.7, containing the backdoor code. According to RubyGems statistics, this malicious version was downloaded by 537 users. The malicious code was never uploaded to the library's GitHub history. Only RubyGems distributed it. Both Costa and the RubyGems security team informed the library owner of the finding. The malicious version was removed from the RubyGems repo within a week of being uploaded.

Because the library usually runs in apps and websites that manage user accounts, any project using the library should carry out a thorough security audit to detect possible breaches and theft of user data. The incident looks strikingly like one from April of this year, when a hacker backdoored the Bootstrap-Sass Ruby library with a nearly identical mechanism for cookie acceptance and evaluation.
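
A first step in that audit, as an added example that is not part of the original article or any RubyGems tooling: scan a `Gemfile.lock` for the backdoored 0.0.7 release and, because the malicious release existed only on RubyGems and never in the GitHub history, flag any locked version with no matching tag in its source repository. The lockfile, the tag list and the gem `example_auth` are constructed, and the function names are hypothetical.

```ruby
# Added example: audit a Gemfile.lock for the release described in the article.
# The gem name and version come from the article; all sample data is constructed.
KNOWN_BAD = { "strong_password" => ["0.0.7"] }.freeze

# Constructed sample lockfile; "example_auth" is a hypothetical gem.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_auth (1.4.1)
        bcrypt (~> 3.0)
      rack (2.0.7)
      strong_password (0.0.7)

  DEPENDENCIES
    strong_password
LOCK

# Constructed list of release tags found in each gem's source repository.
SAMPLE_TAGS = { "example_auth" => ["v1.4.0"], "rack" => ["2.0.7"] }.freeze

# Resolved gems are the four-space-indented "name (version)" lines under specs:.
# Six-space lines are dependency constraints of those gems and are skipped.
def locked_gems(lockfile_text)
  lockfile_text.each_line.each_with_object({}) do |line, gems|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    gems[m[1]] = m[2] if m
  end
end

# Flags known-bad releases, and releases with no matching tag in the source repo.
# Gems absent from source_tags are not judged either way.
def audit(lockfile_text, source_tags = {})
  locked_gems(lockfile_text).each_with_object([]) do |(name, version), findings|
    tags = source_tags[name]&.map { |t| t.sub(/\Av/, "") }
    if KNOWN_BAD.fetch(name, []).include?(version)
      findings << [:known_backdoored, name, version]
    elsif tags && !tags.include?(version)
      findings << [:no_matching_source_tag, name, version]
    end
  end
end

audit(SAMPLE_LOCK, SAMPLE_TAGS).each { |f| puts f.join(" ") } if __FILE__ == $PROGRAM_NAME
```

A missing tag is a prompt to diff the published gem against the repository before upgrading, not proof of compromise, since some maintainers do not tag every release.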