Two malicious RubyGems packages masquerading as Fastlane plugins have been discovered, intercepting Telegram API requests to steal sensitive data such as chat IDs, message content, and bot tokens. The packages, which typosquat legitimate Fastlane plugins, redirect data to attacker-controlled servers, posing a significant risk to developers using these tools. Affected users are advised to remove the malicious gems and rotate their bot tokens immediately.