Skip to content
supplychainattack.orgSupply chain attack incident catalog
resolvedcritical

Malicious code in zztestno33 (RubyGems)

Malicious code was discovered in the zztestno33 package on RubyGems. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9984.

ShareXLinkedInHacker News
Disclosed
Last updated
Blast radius
Limited to users of the zztestno33 package on RubyGems
Ecosystems
Attack vectors
Affected entities
  • zztestno33

The zztestno33 package on RubyGems was found to contain malicious code. The discovery was credited to the OpenSSF (Open Source Security Foundation) through their malicious packages tracking project.\n\nThe incident was documented in GitHub Advisory GHSA-fw62-grch-39vp and assigned the malicious package identifier MAL-2026-9984. The package was published on RubyGems and posed a risk to any users who installed or depended on it.\n\nAs a cataloged malicious package identified by the OpenSSF, the incident is considered resolved through public disclosure and removal from the package repository.

Indicators of compromise

Packages
  • zztestno33

Remediation

  • Remove the zztestno33 package from any systems where it was installed
  • Audit systems that may have installed this package for any unauthorized changes or artifacts
  • Review dependency manifests to ensure zztestno33 is not listed as a dependency
  • Update to a safe version or alternative package if zztestno33 was a required dependency

Sources

  1. GitHub Advisory GHSA-fw62-grch-39vp · GitHub Advisory Database

Cite this entry

"Malicious code in zztestno33 (RubyGems)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 18, 2026; last updated July 18, 2026. https://supplychainattack.org/incident/malicious-code-in-zztestno33-rubygems-eljxs4

Suggest a correction

Found an error or have a newer source? Corrections to factual errors take priority over new entries.

  1. resolvedcritical

    Malicious code in zzfadgivar05 (RubyGems)

    Malicious code was discovered in the zzfadgivar05 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-3gfr-fq7v-cc26.

    RubyGemsCompromised package
  2. resolvedcritical

    Malicious code in zzjinavcsgit (RubyGems)

    Malicious code was published in the zzjinavcsgit RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  3. resolvedcritical

    Malicious code in zztest17785553702 (RubyGems)

    Malicious code was discovered in the RubyGems package zztest17785553702. The package was identified and cataloged by the OpenSSF malicious packages project.

    RubyGemsCompromised package
  4. resolvedcritical

    Malicious code in zzpdfvar01 (RubyGems)

    Malicious code was discovered in the zzpdfvar01 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9958.

    RubyGemsCompromised package