Malicious code in knot-simple-formatter (RubyGems)

MAL-2026-3636

Published May 13, 2026 · Modified May 13, 2026

Description

Source: google-open-source-security (a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e)

This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters.
The packages in this cluster steal credentials, set up ssh access and tamper with build/workflow environmetn variables.

References

ARTICLE https://socket.dev/blog/malicious-ruby-gems-and-go-modules-steal-secrets-poison-ci

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes