MALICIOUS (1) campaign cataloged at 2025-11-22(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-11-tgeffect

Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them

Abuse categories

exfiltration_credentials

The package attempts to steal credentials, like passwords or API keys.

obfuscation

Code uses obfuscation techniques to hide its true purpose.

target:telegram

Campaign uses target:telegram.

Packages in the campaign

campaign:2025-11-tgeffect

• aiogram-msgeffect
• tgeffect