MALICIOUS (1) campaign cataloged at 2025-11-22(2).

1. The campaign has clearly malicious intent, like infostealers.
2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-11-tgeffect

Importing the module starts obfuscated code which then look for data related to some Telegram clients and attempt to exfiltrate them

Abuse categories

exfiltration_credentials

Campaign uses exfiltration_credentials.

obfuscation

Campaign uses obfuscation.

target:telegram

Campaign uses target:telegram.

Packages in the campaign

campaign:2025-11-tgeffect

• aiogram-msgeffect
• tgeffect