VYPR
← All malware advisories

gem · Malicious package advisory

Malware

knot-devise-jwt-helper

MAL-2026-3632

Malicious code in knot-devise-jwt-helper (RubyGems)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: google-open-source-security (a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e)
This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters.
The packages in this cluster steal credentials, set up ssh access and tamper with build/workflow environmetn variables.

Compromised versions (1)

  • 1.0.7

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.