Malicious PyPI packages give hackers control of Telegram bot servers
A campaign active since November 2025 has distributed malicious PyPI packages—trojanized Pyrogram forks—targeting Python developers building Telegram bots. The compromised packages allow attackers to read arbitrary files on affected servers.
- Disclosed: June 30, 2026
- Last updated: June 30, 2026
- Blast radius: Python developers building Telegram bots; servers running affected packages
- Ecosystems: PyPI
- Attack vectors: Trojanized forks; package impersonation
- Affected entities: Pyrogram (trojanized forks). Malicious PyPI packages impersonating or forking the Pyrogram library
A supply chain attack campaign targeting Python developers has been active since at least November 2025, distributing malicious packages on PyPI that impersonate or fork the popular Pyrogram library used for building Telegram bots.
The trojanized packages are designed to compromise servers running Telegram bot applications. Once installed, they grant attackers the ability to read arbitrary files on the compromised systems, potentially exposing sensitive configuration, credentials, and application data.
The attack leverages the trust developers place in PyPI packages and in the Pyrogram ecosystem. Developers building Telegram bots may inadvertently install a malicious fork or a similarly named package, leading to compromise of the server the bot runs on.
As of the publication date (June 30, 2026), the campaign remains active and ongoing.
Indicators of compromise
- Packages
- Pyrogram (trojanized forks - specific package names not disclosed in source)
Remediation
- Audit PyPI package dependencies for Pyrogram and verify package authenticity and source
- Review installed packages and remove any suspicious or unfamiliar Pyrogram forks
- Scan servers for indicators of compromise and unauthorized file access
- Implement package pinning and integrity verification in dependency management
- Monitor PyPI for malicious packages impersonating popular libraries
- Rotate credentials and review file access logs on affected servers
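The first, second and fourth remediation steps can be turned into a routine check: scan the requirements file for names that are almost, or embed, the canonical `pyrogram` distribution name, and flag entries that are not pinned to an exact version with a `--hash`. This is an added example, not code from the catalog entry or from Pyrogram; the sample requirements, the look-alike names and the placeholder hash are constructed.

```python
"""Audit a requirements file for Pyrogram look-alike names and missing
hash pins. Added example, not code from the catalog entry or Pyrogram;
the sample requirements and hash value below are constructed."""
import re
from difflib import SequenceMatcher

CANONICAL = "pyrogram"      # legitimate distribution name on PyPI
SIMILARITY_FLOOR = 0.8      # ratio above which a name counts as a look-alike

# Constructed sample: one correctly hash-pinned entry beside look-alike,
# unpinned and unhashed entries. The hash is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
pyrogram==2.0.106 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pyrogramm==2.1.0
pyrogram-turbo
tgcrypto==1.2.5
requests>=2.31
"""

def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_line(line: str):
    """Return (name, pinned, hashed) for one requirement line, or None."""
    line = line.split("#", 1)[0].strip()
    m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    if not m:
        return None
    return normalize(m.group(1)), "==" in line, "--hash=" in line

def audit(text: str):
    """Return (name, issue) findings; issue is lookalike/unpinned/unhashed."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        name, pinned, hashed = parsed
        ratio = SequenceMatcher(None, name, CANONICAL).ratio()
        # A name that is almost pyrogram, or embeds it, needs a manual source
        # check (repository, maintainer, release history) before use.
        if name != CANONICAL and (ratio >= SIMILARITY_FLOOR or CANONICAL in name):
            findings.append((name, "lookalike"))
        if not pinned:
            findings.append((name, "unpinned"))
        elif not hashed:
            findings.append((name, "unhashed"))
    return findings
```

Once every entry is pinned and hashed, installing with `pip install --require-hashes -r requirements.txt` makes pip refuse any artifact whose digest does not match.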
Sources
- Malicious PyPI packages give hackers control of Telegram bot servers · BleepingComputer
Cite this entry
"Malicious PyPI packages give hackers control of Telegram bot servers." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 30, 2026; last updated June 30, 2026. https://supplychainattack.org/incident/malicious-pypi-packages-give-hackers-control-of-telegram-bot-servers-1m8yux
Related incidents
- Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat (active, critical)
  On June 17, 2026, an attacker compromised the @mastra npm organization and injected easy-day-js, a typosquat of the popular dayjs library, as a dependency across 140+ packages. The malicious package contained an obfuscated postinstall dropper that downloaded and executed a second-stage payload from attacker-controlled servers before self-deleting. The affected packages had a combined weekly download count exceeding 1.1 million.
  Tags: npm; Compromised package; Typosquatting; Malicious maintainer
- The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent (active, critical)
  On June 8, 2026, multiple Graph ML PyPI packages were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections for analyst misdirection, and token-revocation wipers. The attack targeted the bioinformatics ecosystem with sophisticated evasion techniques.
  Tags: Hades; PyPI; Compromised package
- New Shai-Hulud attack trojanizes 19 science-focused PyPI packages (contained, high)
  Hackers compromised 19 science-focused packages on PyPI in a Shai-Hulud supply-chain attack. The trojanized packages were collectively downloaded hundreds of thousands of times and delivered malware designed to steal developer secrets.
  Tags: Shai-Hulud; PyPI; Compromised package
- durabletask: TeamPCP's Latest PyPi Compromise (resolved, high)
  Malicious versions of the PyPI package durabletask were published, attributed to the TeamPCP threat actor. The attack matches known TeamPCP tactics used in prior supply chain compromises.
  Tags: TeamPCP; PyPI; Compromised package