A new supply-chain attack targeted users of Telegram, AWS, and Alibaba Cloud services. Threat actors used Typosquatting and Startjacking techniques to trick developers into downloading malicious packages from Pypi. The attack was active throughout September 2023. The malicious packages were disguised as popular packages like "Telethon" and "enumerate-iam," but contained hidden lines of code that executed when specific functions were called. The attack aimed to steal sensitive credentials. #supplychainattack #Telegram #AWS #AlibabaCloud #Typosquatting #Startjacking #Pypi #Cybersecurity

https://cybersecuritynews.com/telegram-aws-alibaba-supply-chain-attack/