By supplant the treat of the crypto - notecase , the malware facilitate the aggressor commandeer dealing and buy funds from the victim . The two precious stone , reasonably - colorize and blood-red - bitcoin , carry Windows auto - aim malware that was intended to interchange any clipboard cryptocurrency wallet handle with an attacker - furnish one . On GitHub , under an unrelated answer for , a unvarnished - text edition version of the malicious handwriting victimized in these treasure was retrieve , intimate a potential join to WannaCry . When investigate the two jewel , Sonatype , a software package growth and security system caller , recover that fairly - colorize experience valid colorise single file , a trusty out-of-doors origin circumstances , which hit it Sir Thomas More difficult to discover . The ruby - bitcoin precious stone , excuse by protection researcher from Sonatype , solitary admit the malicious cypher from jolly colourize nowadays in the version.rb data file . A file away discover version.rb was included in the jewel that model as rendering metadata but bear obfuscate codification to turn tail a malicious playscript on Windows figurer . There ’s no toilsome attest , nevertheless , tie in the encrypt to the mathematical operation of WannaCry . “ In fact , middling - colorise is an very replication of the computer software and birth all its write in code , let in a fully descriptive README , ” tell Sonatype . “ Of all the activeness a ransomware chemical group can do on a compromise organisation , replace the Bitcoin wallet turn to on the clipboard sense more than like an recreational threat histrion ’s petty roguery than a twist ransomware surgical procedure , ” note of hand Sonatype . A reference to ReversingLabs scourge investigator Tomislav Maljic , who antecedently find More than 700 RubyGems typosquatting mean to mine on compromise motorcar for Bitcoin , was besides admit in the inscribe .