ETHSecurity Community

🚨 Malware Alert for Developers!

3 npm packages are mimicking a popular Telegram bot library—but secretly install SSH backdoors & exfiltrate your data.

They replicate the look of node-telegram-bot-api (100K+ weekly users), use starjacking to fake credibility, and target Linux systems. Removal ≠ protection—SSH keys stay behind.

Learn more:

🚨 Malware Alert for Developers!

3 npm packages are mimicking a popular Telegram bot library—but secretly install SSH backdoors & exfiltrate your data.

They replicate the look of node-telegram-bot-api (100K+ weekly users), use starjacking to fake credibility, and target Linux systems. Removal ≠ protection—SSH keys stay behind.

Learn more: https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html