Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

Apr 19, 2025

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –

node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)

According to supply chain

Get Free Report & Network Analysis

Please check your email for the free report.