Malicious PyPI Packages Compromise Telegram Bot Servers via Trojanized Pyrogram Forks
What Happened — Researchers identified eight malicious forks of the popular Pyrogram library on PyPI. The packages contain a hidden back‑door (secret.py) that, when imported by a Telegram bot, lets an attacker execute arbitrary Python or shell commands on the victim’s server and retrieve the output via Telegram messages. The campaign, dubbed “Operation Navy Ghost,” has been active since November 2025 and has amassed several thousand downloads.
Why It Matters for Compliance & Audit Readiness
- Supply‑chain attacks on open‑source components directly test the effectiveness of SOC 2 vendor‑management controls (CC6.1 – Third‑Party Risk Management).
- Continuous monitoring of third‑party package integrity provides audit‑ready evidence that your organization is exercising due diligence over external code.
- Documented remediation and verification steps become part of the control‑testing artifact set required for a defensible SOC 2 audit.
Who Is Affected — Developers building Telegram bots, SaaS platforms that embed bot functionality, and any organization that incorporates PyPI packages into production workloads (primarily TECH / SaaS).
Recommended Actions
- Inventory all PyPI dependencies used in production and flag any that are forks of Pyrogram or other high‑risk libraries.
- Implement automated SBOM generation and continuous monitoring for newly published versions of critical packages.
- Enforce a policy requiring code‑review and provenance verification before adding new third‑party Python packages.
- Update affected bots to the official, maintained Pyrogram release and rotate any compromised credentials.
Source: BleepingComputer
Technical Notes
- Attack vector: Third‑party dependency (malicious PyPI packages).
- Back‑door (
secret.py) registers hidden Telegram command handlers (/asu,/asi) that compile and execute attacker‑supplied code under the bot’s privileges. - No CVE is associated; the threat stems from supply‑chain poisoning of open‑source packages.
Source: same as above