Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...