Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update.

Polymorphic bootstrap code Since Rovnix.B the modified bootstrap code has used polymorphic code in order to bypass static antivirus signature detection.

The bootstrap code and Makefile is out there on GitHub. Of course, it is a simple module and the reason it is possible is because of the scratchnative system that lets you compile Scratch into C code.