MALICIOUS (1) campaign cataloged at 2026-06-26(2).
- The campaign has clearly malicious intent, like infostealers.
- This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.
2026-06-inlifegram¶
The modified version of a Telegram bot library. The obfuscated code, launched when the user starts their own bot application, attaches malicious backdoor commands to the Telegram bot. They allow hardcoded users to execute any commands in the bot's environment.
Abuse categories¶
RAT
Malicious activity is typical for Remote Access Trojans (RATs).
action-hidden-in-lib-usage
The malicious action is hidden in the code and starts when user interacts with it (e.g. during class initialization or by exfiltrating given credentials).
backdoor
Campaign uses backdoor.
clones_real_package
The package is a clone of a legitimate package or library, but with malicious code added.
obfuscation
Code uses obfuscation techniques to hide its true purpose.
remote_commands
The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.
target:telegram
The package is designed to target Telegram users or the Telegram platform.