Malicious PyPI packages give hackers control of Telegram bot servers

A malicious campaign has been targeting Python developers building Telegram bots, exploiting a vulnerability in the Pyrogram project to give hackers control of compromised servers. The threat actor, dubbed “Operation Navy Ghost” by researchers at Checkmarx, has published at least eight trojanized Pyrogram forks on the Python Package Index (PyPI) since November 2025.

These malicious packages, including VLifeGram and pyrogram-styled, have been downloaded thousands of times and together account for nearly 350,000 monthly downloads on PyPI. The packages are designed to look like legitimate updates to the popular Telegram bot framework, but they contain a hidden backdoor that allows attackers to read arbitrary files on compromised servers.

The backdoor is activated when an infected bot launches, and it enables the execution of attacker-supplied Python code or shell commands. This means that hackers can use the backdoor to access sensitive data, dump secrets, and install persistent malware on the victim’s server. The command output is returned to the attacker via Telegram messages, and is sent as a file attachment when the output exceeds 4096 bytes.

The researchers at Checkmarx observed that the backdoor activates only on Telegram bot accounts, which typically run in production environments. This suggests that the attacker seeks “access to databases, credentials, cloud APIs, and sensitive infrastructure.” The malware is designed to operate silently, suppressing errors and disabling logging, which makes it difficult for developers to detect.

Despite the packages being published from different PyPI accounts, Checkmarx attributes the campaign to a single threat actor. The conclusion is based on the shared OWNERS list across the various packages, the identical backdoor code, the command names, and the overlapping infrastructure.

Developers who may have installed the listed packages should remove them immediately and take precautions to secure their servers. This includes rotating all credentials and revoking Telegram bot tokens. It’s also essential for security teams to regularly test their systems using breach and attack simulation tools to ensure that their SIEM and EDR rules can detect such threats.
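As a starting point for the removal step above, the following script (an added example, not code from the article or from Checkmarx) audits the installed Python distributions for the two package names the article gives, flags any other distribution that ships the `pyrogram` module under a different name (an assumption: such a fork shadows the genuine package and deserves review), and offers a source-triage heuristic based on the backdoor traits described above, namely dynamic code or shell execution combined with silenced logging or errors.

```python
import re
from importlib import metadata

# Distribution names the article attributes to the campaign (constructed list
# from the two names given above; the report names at least eight packages).
KNOWN_TROJANIZED = {"vlifegram", "pyrogram-styled"}

# Heuristics derived from the behaviour the article describes: the backdoor
# runs attacker-supplied Python or shell commands and silences errors/logging.
EXEC_PATTERNS = (r"\bexec\s*\(", r"\beval\s*\(", r"\bsubprocess\.", r"\bos\.popen\s*\(")
SILENCE_PATTERNS = (r"logging\.disable\s*\(", r"\.disabled\s*=\s*True",
                    r"except\s*(?:Exception)?\s*:\s*pass\b")


def normalize(name: str) -> str:
    """PEP 503 normalisation: 'Pyrogram_Styled' and 'pyrogram-styled' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def triage_source(src: str) -> dict:
    """Flag a module that both executes dynamic code and suppresses logging/errors."""
    exec_hits = [p for p in EXEC_PATTERNS if re.search(p, src)]
    silence_hits = [p for p in SILENCE_PATTERNS if re.search(p, src)]
    return {"exec": exec_hits, "silence": silence_hits,
            "suspicious": bool(exec_hits and silence_hits)}


def audit_distributions(dists) -> list:
    """dists: iterable of (distribution name, set of top-level module names)."""
    findings = []
    for name, modules in dists:
        norm = normalize(name)
        if norm in KNOWN_TROJANIZED:
            findings.append((name, "named in the Checkmarx report; remove and rotate tokens"))
        elif "pyrogram" in modules and norm != "pyrogram":
            # Assumption: a fork shipping the 'pyrogram' module under another
            # distribution name shadows the genuine package; review it manually.
            findings.append((name, "provides the pyrogram module under a different name"))
    return findings


def installed_distributions():
    """Yield (name, top-level modules) for every installed distribution."""
    for dist in metadata.distributions():
        top = dist.read_text("top_level.txt") or ""
        yield dist.metadata["Name"], set(top.split())


if __name__ == "__main__":
    for name, reason in audit_distributions(installed_distributions()):
        print(f"{name}: {reason}")
```

A hit from `triage_source` is a triage signal, not proof of compromise; many legitimate libraries call `subprocess`, so inspect the flagged file before acting.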

The discovery of this campaign serves as a reminder that even popular open-source projects like Pyrogram can be vulnerable to exploitation by malicious actors. Developers should exercise caution when installing packages from third-party sources, especially if they contain modified or hidden code. Regularly updating dependencies and monitoring system logs are crucial in preventing similar attacks in the future.
Source: Bleeping Computer — 2026-06-30