inlifegram @2.1.2.9
Vulnerability report · Last retrieved from osv.dev June 26, 2026 at 2:48 PM UTC
OSV ID
MAL-2026-6516
Ecosystem
pypi
Summary
The modified version of a Telegram bot library. The obfuscated code, launched when the user starts their own bot application, attaches malicious backdoor commands to the Telegram bot. They allow hardcoded users to execute any commands in the bot's environment. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2026-06-inlifegram Reasons (based on the campaign): - clones-real-package - obfuscation - The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine. - rat - target:telegram - action-hidden-in-lib-usage - backdoor
Source: kam193 (9e2d3483845391abac4b854096ffc1c7767818f9e2b02486d969ee2be0638dc9)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.