
GemStuffer Campaign Abuses RubyGems for Data Exfiltration
Tags: Cybersecurity, Malware, Data Exfiltration, Supply Chain Attack
Cybersecurity researchers identified a campaign named GemStuffer, which abused the RubyGems repository by uploading over 150 malicious gems to exfiltrate data rather than distribute malware. The packages targeted the U.K. council portal and were not designed for widespread developer compromise. Many of the gems showed low or no download activity, and their payloads were described as repetitive. The attack used RubyGems as a data exfiltration channel, but the specific technical mechanisms and impacted organizations were not detailed. No CVE IDs or exact dates were provided in the reported findings.