Malicious PyPI packages give hackers control of Telegram bot servers

A campaign dubbed Operation Navy Ghost has been targeting Python developers who build Telegram bots by publishing trojanized Pyrogram forks on PyPI. The hidden backdoor, secret.py, can execute attacker-supplied Python or shell commands, steal files and secrets, and exfiltrate data from infected servers.

Key points

  • Attackers published at least eight malicious Pyrogram forks on PyPI.
  • The packages hide a backdoor in a file named secret.py inside the helpers module.
  • The malware activates when importing Pyrogram or when an infected bot starts.
  • It can run arbitrary Python code and shell commands on compromised servers.
  • Checkmarx says the campaign targets Telegram bot accounts and likely seeks sensitive infrastructure access.
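
A defender-side check for the indicator in the key points above, added here as an example and not taken from the article or from Checkmarx: it lists every installed distribution that ships a secret.py under pyrogram/helpers. It assumes the forks install under the pyrogram import name (the article says the code runs on importing Pyrogram); the function names are illustrative.

```python
"""Flag installed distributions that ship pyrogram/helpers/secret.py."""
import sys
from importlib import metadata
from pathlib import PurePosixPath

# Indicator from the article: a file named secret.py inside the helpers module.
# Assumption: the trojanized forks are importable as "pyrogram".
TOP_LEVEL = "pyrogram"
SUSPECT_TAIL = ("helpers", "secret.py")


def is_suspect(path):
    """True if a path ends in pyrogram/helpers/secret.py (case-insensitive)."""
    parts = PurePosixPath(str(path).replace("\\", "/")).parts
    if len(parts) < 3:
        return False
    tail = tuple(p.lower() for p in parts[-3:])
    return tail == (TOP_LEVEL,) + SUSPECT_TAIL


def scan(dists):
    """dists: iterable of (name, version, paths). Returns sorted findings."""
    hits = []
    for name, version, paths in dists:
        for p in paths:
            if is_suspect(p):
                hits.append((name, version, str(p)))
    return sorted(hits)


def installed():
    """Yield (name, version, files) for each distribution in this environment."""
    for dist in metadata.distributions():
        files = [str(f) for f in (dist.files or [])]
        yield dist.metadata["Name"] or "<unknown>", dist.version, files


if __name__ == "__main__":
    findings = scan(installed())
    for name, version, path in findings:
        print(f"SUSPECT {name}=={version}: {path}")
    # Non-zero exit lets a CI job or host audit fail on a match.
    sys.exit(1 if findings else 0)
```

A match is a lead for manual review of the file, not a verdict, and a clean result only covers files listed in each distribution's install record.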

Read More: https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-give-hackers-control-of-telegram-bot-servers/