Telegram data targeted by Fastlane-impersonating RubyGems packages

BleepingComputer reports that threat actors have launched a supply chain attack involving a pair of RubyGems packages impersonating widely used Fastlane CI/CD plugins to compromise Telegram data. Both the 'fastlane-plugin-telegram-proxy' and 'fastlane-plugin-proxy_teleram' packages, which have amassed over 400 downloads since being uploaded to RubyGems late last month, were almost identical to their legitimate counterparts except for the inclusion of an attacker-controlled proxy endpoint that facilitated the theft of Telegram bot tokens, chat IDs, messages, files, and proxy credentials, according to an analysis by Socket researchers. "Cloudflare Worker scripts are not publicly visible, and the threat actor retains full ability to log, inspect, or alter any data in transit. The use of this proxy, combined with the typosquatting of a trusted Fastlane plugin, clearly indicates intent to exfiltrate tokens and message data under the guise of normal CI behavior," said the researchers, who added that the absence of the Worker's source code has complicated analysis.

Data Security, Phishing, Supply chain, Identity