Malicious PyPI packages give hackers control of Telegram bot servers

Summary

A campaign has been discovered targeting Python developers creating Telegram bots. Attackers are distributing trojanized forks of the Pyrogram library, which, when used, grant them control over the bot servers and the ability to read sensitive files.

IFF Assessment

FOE

This article details a campaign where malicious packages grant attackers control over servers, representing a direct threat to defenders.

Defender Context

Defenders should be aware of supply chain attacks targeting popular development libraries like Pyrogram. This campaign highlights the importance of scrutinizing third-party dependencies and implementing robust code scanning and runtime monitoring for applications, especially those handling sensitive data or critical functions.
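One concrete form of dependency scrutiny for this campaign, as an added example that is not from the original article: list every installed distribution that ships the `pyrogram` import package and flag any that is not on an allowlist. It assumes a trojanized fork keeps the `pyrogram` import name while publishing under a different distribution name; the distribution names in `SAMPLE` are constructed.

```python
"""Flag distributions that install a given import package under another name."""
import re
from importlib.metadata import distributions


def normalize(name):
    # PEP 503 normalization so "Pyro_Gram" and "pyro-gram" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()


def owners_of(import_name, dists):
    """dists: iterable of (distribution_name, [relative file paths]).
    Returns normalized names of distributions that install import_name."""
    owners = set()
    for dist_name, files in dists:
        for path in files:
            top = str(path).replace("\\", "/").split("/")[0]
            # Match the package directory or a single-file module.
            if top in (import_name, import_name + ".py"):
                owners.add(normalize(dist_name))
                break
    return owners


def unexpected_owners(import_name, allowed, dists):
    """Distributions providing import_name that are not on the allowlist."""
    allowed = {normalize(a) for a in allowed}
    return sorted(owners_of(import_name, dists) - allowed)


def installed():
    """Yield (name, files) for every distribution in the current environment."""
    for d in distributions():
        name = d.metadata.get("Name")
        if name:
            yield name, [str(f) for f in (d.files or [])]


# Constructed sample data; none of these names come from the article.
SAMPLE = [
    ("Pyrogram", ["pyrogram/__init__.py", "pyrogram/client.py"]),
    ("example-pyro-fork", ["pyrogram/__init__.py", "pyrogram/helpers.py"]),
    ("requests", ["requests/__init__.py"]),
]

if __name__ == "__main__":
    for name in unexpected_owners("pyrogram", {"pyrogram"}, installed()):
        print(f"review: '{name}' installs the 'pyrogram' import package")
```

Run it inside the bot's virtual environment or container image; an empty result only means no other distribution claims the import name, not that the allowlisted one is untampered.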
