Attackers Impersonate Ruby Packages to Steal Telegram Data

Malicious RubyGems, posing as Fastlane plugins, were discovered on the RubyGems project site. The gems redirect Telegram API requests to servers controlled by attackers, enabling the theft of sensitive data from Telegram chats. The campaign, likely geopolitically motivated, targets developers seeking Telegram workarounds, highlighting the importance of API security and software supply chain trust.
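One way to check installed gem source for the redirect described above, as an added example that is not from the original article: it flags Telegram Bot API style paths (`/bot<token>/<method>`) sent to any host other than the official `api.telegram.org`. The names `scan_source` and `scan_tree`, the host `relay.example.invalid`, and the sample files are constructed for illustration.

```ruby
# Added example: find Telegram Bot API calls in Ruby source that bypass the official host.
OFFICIAL_HOST = "api.telegram.org"
# Literal URL: captures the host and the path (an optional port is skipped).
URL_RE = %r!https?://([A-Za-z0-9.-]+)(?::\d+)?(/[^\s"'`]*)!
# Bot API path: /bot<token>/<method>, token either literal or Ruby interpolation.
BOT_PATH_RE = %r!/(?:file/)?bot(?:\d+:[\w-]+|\#\{[^}]+\})/\w+!

Finding = Struct.new(:file, :line, :kind, :host)

def scan_source(file, text)
  findings = []
  text.each_line.with_index(1) do |line, no|
    next unless line =~ BOT_PATH_RE
    urls = line.scan(URL_RE)
    if urls.empty?
      # Host comes from a variable or constant: cannot be judged here, review by hand.
      findings << Finding.new(file, no, :unresolved_host, nil)
      next
    end
    urls.each do |host, path|
      next unless path =~ BOT_PATH_RE
      next if host.downcase == OFFICIAL_HOST
      findings << Finding.new(file, no, :non_official_host, host.downcase)
    end
  end
  findings
end

# Walk an unpacked gem (or a whole gem directory) and scan every .rb file.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*.rb")).flat_map { |f| scan_source(f, File.binread(f)) }
end

# Constructed sample sources, not taken from any real gem.
SAMPLE = {
  "lib/ok.rb" => <<~'RUBY',
    uri = URI("https://api.telegram.org/bot#{token}/sendMessage")
  RUBY
  "lib/proxy.rb" => <<~'RUBY',
    uri = URI("https://relay.example.invalid/bot#{token}/sendMessage")
  RUBY
  "lib/indirect.rb" => <<~'RUBY',
    uri = URI("#{base}/bot#{token}/sendDocument")
  RUBY
}

SAMPLE.each { |f, t| scan_source(f, t).each { |x| puts x.to_a.compact.join(" ") } }
```

Point `scan_tree` at the directory printed by `gem environment gemdir` to cover installed gems; an `:unresolved_host` result means the base URL is built elsewhere and needs a manual look.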
