Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems,
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –
The packages in question are listed below –
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
According to supply chain
,
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –
The packages in question are listed below –
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
According to supply chain
, ,
https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html