{"id":"MAL-2026-5531","summary":"Malicious code in telegramlite (PyPI)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: kam193 (be464abbf0e3f375f4865ac2802a6b6d96e7af1ce30984d84f464470cdef17dd)\nPackage exfiltrates data from the Telegram application to a remote location, effectively collecting Telegram sessions.\n\n\n---\n\nCategory: MALICIOUS - The campaign has clearly malicious intent, like infostealers.\n\n\nCampaign: 2026-06-telegramlite\n\n\nReasons (based on the campaign):\n\n\n - target:telegram\n\n\n - files-exfiltration\n","modified":"2026-06-10T20:30:48.666528564Z","published":"2026-06-10T19:28:13Z","database_specific":{"malicious-packages-origins":[{"id":"pypi/2026-06-telegramlite/telegramlite","import_time":"2026-06-10T20:19:44.136003474Z","versions":["1.0.0","1.0.1"],"sha256":"be464abbf0e3f375f4865ac2802a6b6d96e7af1ce30984d84f464470cdef17dd","modified_time":"2026-06-10T19:28:13.195865Z","source":"kam193"}],"iocs":{"domains":["telegram-full-server.onrender.com"],"urls":["https://telegram-full-server.onrender.com/api/upload"]}},"references":[{"type":"WEB","url":"https://bad-packages.kam193.eu/pypi/package/telegramlite"}],"affected":[{"package":{"name":"telegramlite","ecosystem":"PyPI","purl":"pkg:pypi/telegramlite"},"versions":["1.0.0","1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/telegramlite/MAL-2026-5531.json"}}],"schema_version":"1.7.5","credits":[{"name":"Kamil Mańkowski (kam193)","contact":["https://github.com/kam193","https://bad-packages.kam193.eu/"],"type":"REPORTER"}]}