Computing

Malicious Python packages found exfiltrating user data to Telegram bot

Researchers at security vendor Checkmarx have uncovered an operation, apparently based in Iraq, that uses malware hosted on the Python repository PyPI to search for files on the victim's device and ...
Bleeping Computer

Malicious RubyGems pose as Fastlane to steal Telegram API data

Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. RubyGems is the official package ...
CSOonline

Supply chain attack hits RubyGems to steal Telegram API data

Threat actor exploits Fastlane plugin trust to redirect Telegram traffic via C2 server after Vietnam’s ban, targeting mobile app CI/CD pipelines. An ongoing supply chain attack is targeting the ...
WIRED

「ディープフェイク・ポルノ」を生成する悪質AIボットがTelegramで ...

2020年の初め、ディープフェイク技術の研究を専門とするヘンリー・アイダーは、そのころメッセージアプリ「Telegram」に登場し始めた、人工知能(AI)で写真の女性から“服を脱がせる”画像生成ボットのひとつを発見した。アイダーの記憶によると、その ...
Dark Reading

Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data

Attackers are exploiting a popular code package for the Ruby programming language in a supply chain attack aimed at stealing sensitive data from Telegram chats. The attack demonstrates how threat ...