A malicious campaign has been observed targeting Python developers who build Telegram bots, by uploading malicious versions of the popular Pyrogram library to the Python Package Index (PyPI).
The campaign, dubbed ‘Operation Navy Ghost’ by security company Checkmarx, ran from November 2025 to June 2026. Attackers published at least eight fake Pyrogram packages that included the original code along with a hidden backdoor (secret.py). All of the packages were forks of the legitimate Pyrogram project, the researchers said.
The backdoor registers hidden Telegram command handlers when an infected bot starts, allowing attackers to remotely execute arbitrary Python code and shell commands. The /asu command compiles and runs attacker-supplied Python code, providing access to the active Telegram client, session data, chats, contacts, and environment variables. The /asi command executes shell commands through /bin/bash -c, enabling attackers to read files, gather system information, or perform other actions with the same privileges as the infected application.
Command results are returned to the attacker through Telegram messages, while outputs larger than Telegram's 4,096-character message limit are automatically sent as document attachments. The malware includes a hardcoded OWNERS list containing authorized Telegram IDs, ensuring only the threat actor can control the backdoor and preventing it from activating on the attacker's own systems.
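The traits described above (a lookalike distribution that ships the `pyrogram` import package, a bundled `secret.py`, a hardcoded `OWNERS` allowlist, hidden `/asu` and `/asi` handlers, and code that hands attacker-supplied text to `compile()`/`exec()` or `/bin/bash -c`) are all things a defender can check for in an installed environment. The script below is an added example written for this article, not Checkmarx's tooling or anything from the Pyrogram project: it scans a directory tree for those textual indicators and flags any distribution other than `pyrogram` that claims the `pyrogram` import name. The fixture files, the placeholder Telegram IDs and the distribution name `example-lookalike-dist` are constructed for the demo; the regexes are assumptions about how such code would look in source, not signatures taken from the real packages.

```python
"""Audit a package tree for the indicators attributed to Operation Navy Ghost.

Constructed example for this article: the fixtures below only carry the
textual shapes a scanner keys on and are not the real malicious files.
"""
import re
import tempfile
from pathlib import Path

# The import name the legitimate project owns and the distribution expected
# to provide it. Any other distribution providing it is a lookalike fork.
IMPORT_NAME = "pyrogram"
CANONICAL_DIST = "pyrogram"

# Textual indicators drawn from the article's description of the backdoor.
# These patterns are assumptions about plausible source shapes.
INDICATORS = {
    "owners_allowlist": re.compile(r"^\s*OWNERS\s*=\s*\[", re.M),
    "bash_c_exec": re.compile(r"/bin/bash['\"]?\s*,\s*['\"]-c['\"]"),
    "dynamic_compile": re.compile(r"\bexec\s*\(\s*compile\s*\("),
    "hidden_commands": re.compile(r"['\"]/(?:asu|asi)['\"]"),
}


def lookalike_distributions(packages_to_dists):
    """Return distributions other than CANONICAL_DIST that provide IMPORT_NAME.

    `packages_to_dists` has the shape returned by
    importlib.metadata.packages_distributions() (Python 3.10+), so on a real
    host you can pass that call's result directly.
    """
    providers = packages_to_dists.get(IMPORT_NAME, [])
    return sorted(d for d in providers if d.lower() != CANONICAL_DIST)


def scan_tree(root):
    """Walk `root` and map each flagged .py file to the indicator names it hit.

    A module literally named secret.py is flagged on its own, since the
    article names that file as the backdoor carrier.
    """
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.py")):
        hits = []
        if path.name == "secret.py":
            hits.append("secret_py_module")
        text = path.read_text(encoding="utf-8", errors="replace")
        hits += [name for name, rx in INDICATORS.items() if rx.search(text)]
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed fixtures. The "suspicious" module is never imported or run; it
# exists only so the scanner has realistic-looking text to match.
CLEAN_MODULE = "from pyrogram import Client\n\napp = Client('my_bot')\n"
SUSPICIOUS_MODULE = (
    "import subprocess\n"
    "OWNERS = [111111111, 222222222]  # constructed placeholder IDs\n"
    "def _run_shell(cmd):\n"
    "    return subprocess.run(['/bin/bash', '-c', cmd], capture_output=True)\n"
    "def _run_code(src, ns):\n"
    "    exec(compile(src, '<tg>', 'exec'), ns)\n"
    "HANDLERS = {'/asu': _run_code, '/asi': _run_shell}\n"
)


def build_fixture(root):
    """Lay out a fake site-packages: a clean bot and a pyrogram copy with secret.py."""
    pkg = Path(root) / "pyrogram"
    pkg.mkdir()
    (pkg / "__init__.py").write_text(CLEAN_MODULE)
    (pkg / "secret.py").write_text(SUSPICIOUS_MODULE)
    (Path(root) / "bot.py").write_text(CLEAN_MODULE)
    return pkg


def demo():
    """Build the fixture in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, hits in demo().items():
        print(f"{path}: {', '.join(hits)}")
    print(lookalike_distributions({"pyrogram": ["pyrogram", "example-lookalike-dist"]}))
```

On a real host, point `scan_tree` at the environment's site-packages and pass `importlib.metadata.packages_distributions()` to `lookalike_distributions`; a distribution you did not expect to own the `pyrogram` import name is the first thing to investigate, regardless of whether any text indicator fires.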
Researchers said the malware only activates on Telegram bot accounts, suggesting it was designed to target production systems that may contain databases, credentials, and cloud services.
Although the malicious packages were uploaded from different PyPI accounts, Checkmarx believes they were created by the same threat actor because they share the same backdoor code, command structure, and attacker-controlled Telegram IDs.