Telegram Data Targeted in RubyGems Supply Chain Attack
Hackers have launched a supply chain attack targeting Telegram data through malicious RubyGems packages that impersonate popular Fastlane CI/CD plugins, according to a report from BleepingComputer. The attackers uploaded two fraudulent libraries to the RubyGems repository, where developers typically obtain trusted components for building and deploying applications. By mimicking Fastlane tools, the packages aimed to deceive developers into integrating the compromised code into their software projects.
Once installed, the malicious code enabled unauthorized access to sensitive Telegram data, though the scope and method of data exfiltration remain undisclosed. The incident highlights ongoing security risks within open-source software ecosystems, where package impersonation continues to be a favored tactic among threat actors.
RubyGems has not issued a public statement regarding the removal or mitigation of the affected packages. The campaign underscores the importance of verifying the authenticity of third-party software components, particularly in environments that manage communications or continuous integration pipelines.
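One way to apply that verification to a Ruby project is to audit `Gemfile.lock` for gems that are not on a reviewed list but closely resemble a reviewed name. This is an added example, not code from the report or from RubyGems; the gem names, the `REVIEWED` list, and the sample lockfile are constructed for illustration and are not the packages from this incident.

```ruby
# Constructed data: plugin names a team has reviewed, and a sample lockfile.
REVIEWED = %w[fastlane-plugin-example fastlane-plugin-sample_notify].freeze

SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    fastlane (2.0.0)
      rake (>= 12.0)
    fastlane-plugin-example (1.0.0)
    fastlane-plugin-exmaple (1.0.1)
    fastlane-plugin-example-proxy (0.1.0)
    fastlane-plugin-sample-notify (0.2.0)
    rake (13.0.0)
LOCK

# Levenshtein distance, computed one row at a time.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca == cb ? 0 : 1)].min
    end
    prev = cur
  end
  prev.last
end

# Resolved gem names: spec lines are indented exactly four spaces.
def locked_gems(lock_text)
  lock_text.scan(/^ {4}([A-Za-z0-9._-]+) \(/).flatten.uniq
end

# Fold case and separator differences before comparing names.
def canonical(name)
  name.downcase.tr('_', '-')
end

# Unreviewed gems within max_distance edits of a reviewed name, or that
# extend a reviewed name with an extra "-suffix".
def lookalikes(lock_text, reviewed = REVIEWED, max_distance = 2)
  locked_gems(lock_text).filter_map do |gem_name|
    next if reviewed.include?(gem_name)
    c = canonical(gem_name)
    match = reviewed.find do |ok|
      co = canonical(ok)
      edit_distance(c, co) <= max_distance || c.start_with?("#{co}-")
    end
    [gem_name, match] if match
  end
end

lookalikes(SAMPLE_LOCK).each { |g, ok| puts "REVIEW: #{g} resembles #{ok}" }
```

A check like this fits as a CI step that fails the build when the list is non-empty, so a look-alike name is reviewed before the dependency is installed on build agents.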
