Logo
pypi

heroku-tl @3.2.5

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2025-2967

Ecosystem

pypi

Summary

Clone of a legit Telegram client, with a hidden code that, under some conditions, can attempt to destroy the Linux OS. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-heroku-tl Reasons (based on the campaign): - clones-real-package - action-hidden-in-lib-usage

Source: kam193 (8a78aff2389300306864bb3d44e1ac70675e128845a4d734dae5ffbc39076b93)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.

SEE HACKTRON REVIEW → SCAN DEPENDENCIES