Two malicious RubyGems packages impersonate legitimate Fastlane plugins to redirect Telegram API requests to attacker-controlled servers, enabling data theft. This supply chain attack allows hackers to intercept sensitive chat messages, bot tokens, and proxy credentials used by developers, posing a significant security risk.
Keypoints
- Two malicious packages on RubyGems are impersonating legitimate Fastlane plugins.
- The packages redirect Telegram API requests to attacker-controlled servers to steal data.
- Stolen information includes chat IDs, message content, bot tokens, and proxy credentials.
- The attack exploits typosquatting and nearly identical package features to deceive users.
- Developers are advised to remove the malicious packages, rotate bot tokens, and block traffic to suspicious domains.
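One way to act on the last keypoint, as an added example that is not from the original report: a Ruby audit that lists Fastlane plugins in a Gemfile.lock that are not on a team-approved list (with the approved name each most resembles) and flags hosts other than api.telegram.org that receive Bot API-shaped requests in gem source. The gem names, relay host and sample files are constructed, since this summary does not name the packages or domains.

```ruby
# Constructed for illustration: every gem name, host and file body below.
OFFICIAL_TELEGRAM_HOST = "api.telegram.org"

# Levenshtein edit distance, single-row dynamic programming.
def edit_distance(a, b)
  row = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    prev, row[0] = row[0], i
    b.each_char.with_index(1) do |cb, j|
      prev, row[j] = row[j], [row[j] + 1, row[j - 1] + 1, prev + (ca == cb ? 0 : 1)].min
    end
  end
  row[b.length]
end

# Gem names in a Gemfile.lock "specs:" section (4-space indent; 6-space lines are dependencies).
def locked_gems(lockfile_text)
  lockfile_text.scan(/^ {4}([A-Za-z0-9_.\-]+) \(/).flatten.uniq
end

# Unapproved fastlane-plugin-* gems, each with the approved name it most resembles.
def unapproved_plugins(lockfile_text, approved)
  locked_gems(lockfile_text).grep(/\Afastlane-plugin-/).reject { |g| approved.include?(g) }.map do |g|
    nearest = approved.min_by { |a| edit_distance(g, a) }
    { gem: g, resembles: nearest, distance: nearest && edit_distance(g, nearest) }
  end
end

# Hosts sent Bot API-shaped requests (/bot<token>/<method>) that are not the official host.
def rogue_telegram_hosts(source_text)
  source_text.scan(%r{https?://([A-Za-z0-9.\-]+)(?::\d+)?/bot[^/\s"']+/\w+})
             .flatten.uniq.reject { |h| h.casecmp?(OFFICIAL_TELEGRAM_HOST) }
end

SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      fastlane (2.0.0)
        xcodeproj (>= 1.0)
      fastlane-plugin-example_notify (1.0.0)
      fastlane-plugin-exmaple_notify (1.0.1)
LOCK
SAMPLE_SOURCE = <<~'SRC'
  relay = URI("https://tg-relay.example.invalid/bot#{token}/sendMessage")
  real  = URI("https://api.telegram.org/bot#{token}/getMe")
SRC

p unapproved_plugins(SAMPLE_LOCK, ["fastlane-plugin-example_notify"])
p rogue_telegram_hosts(SAMPLE_SOURCE)
```

A small edit distance to an approved name suggests a typosquat, but any unapproved plugin deserves review, because a look-alike can also differ by a whole added word.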