Malicious code in zztestno33 (RubyGems)
Malicious code was discovered in the zztestno33 package on RubyGems. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9984.
- Disclosed
- Last updated
- Blast radius
- Limited to users of the zztestno33 package on RubyGems
- Ecosystems
- Attack vectors
- Affected entities
- zztestno33
The zztestno33 package on RubyGems was found to contain malicious code. The discovery was credited to the OpenSSF (Open Source Security Foundation) through their malicious packages tracking project.\n\nThe incident was documented in GitHub Advisory GHSA-fw62-grch-39vp and assigned the malicious package identifier MAL-2026-9984. The package was published on RubyGems and posed a risk to any users who installed or depended on it.\n\nAs a cataloged malicious package identified by the OpenSSF, the incident is considered resolved through public disclosure and removal from the package repository.
Indicators of compromise
- Packages
- zztestno33
Remediation
- Remove the zztestno33 package from any systems where it was installed
- Audit systems that may have installed this package for any unauthorized changes or artifacts
- Review dependency manifests to ensure zztestno33 is not listed as a dependency
- Update to a safe version or alternative package if zztestno33 was a required dependency
Sources
- GitHub Advisory GHSA-fw62-grch-39vp · GitHub Advisory Database
Cite this entry
"Malicious code in zztestno33 (RubyGems)." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 18, 2026; last updated July 18, 2026. https://supplychainattack.org/incident/malicious-code-in-zztestno33-rubygems-eljxs4
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- resolvedcritical
Malicious code in zzfadgivar05 (RubyGems)
Malicious code was discovered in the zzfadgivar05 RubyGems package. The package was identified by the OpenSSF malicious packages project and reported via GitHub Advisory GHSA-3gfr-fq7v-cc26.
RubyGemsCompromised package - resolvedcritical
Malicious code in zzjinavcsgit (RubyGems)
Malicious code was published in the zzjinavcsgit RubyGems package. The package was identified and cataloged by the OpenSSF malicious packages project.
RubyGemsCompromised package - resolvedcritical
Malicious code in zztest17785553702 (RubyGems)
Malicious code was discovered in the RubyGems package zztest17785553702. The package was identified and cataloged by the OpenSSF malicious packages project.
RubyGemsCompromised package - resolvedcritical
Malicious code in zzpdfvar01 (RubyGems)
Malicious code was discovered in the zzpdfvar01 RubyGems package. The package was identified by the OpenSSF malicious packages project and assigned identifier MAL-2026-9958.
RubyGemsCompromised package