The two precious stone , middling - coloring material and cherry-red - bitcoin , hold in Windows auto - target malware that was destine to supersede any clipboard cryptocurrency wallet speak with an assailant - provide one . By replacing the speech of the crypto - billfold , the malware supporter the assailant commandeer dealings and bargain investment company from the dupe . When inquire the two precious stone , Sonatype , a software program maturation and security ship’s company , get hold that reasonably - discolor bear valid colour file , a trustworthy undetermined reference circumstances , which make water it Sir Thomas More hard to discover . “ In fact , jolly - colourise is an monovular reproduction of the packet and possess all its cypher , include a amply descriptive README , ” pronounce Sonatype . A file away nominate version.rb was included in the muffin that place as edition metadata but carry obfuscate inscribe to break away a malicious handwriting on Windows computing device . A character reference to ReversingLabs terror investigator Tomislav Maljic , who previously find to a greater extent than 700 RubyGems typosquatting mean to mine on compromise simple machine for Bitcoin , was besides let in in the computer code . The red - bitcoin jewel , explicate by certificate researcher from Sonatype , lone admit the malicious cypher from reasonably gloss pose in the version.rb data file . On GitHub , under an unrelated write up , a bare - schoolbook variate of the malicious script victimised in these jewel was regain , advise a possible radio link to WannaCry . There ’s no concentrated manifest , nonetheless , link up the cipher to the operation of WannaCry . “ Of all the activity a ransomware radical can execute on a compromise system , supercede the Bitcoin wallet handle on the clipboard feeling more like an amateur scourge doer ’s piffling mischief-making than a doctor up ransomware surgical operation , ” mention Sonatype .