
How to Clean & Secure Telegram Bots from Operation Navy Ghost Malware

In mid-2026, the open-source supply chain saw a highly targeted campaign against Telegram bot developers. Dubbed Operation Navy Ghost by security researchers at Checkmarx, the campaign involved threat actors publishing at least eight malicious, trojanized forks of the highly popular pyrogram Python library to PyPI (Python Package Index). Pyrogram is one of the most widely used MTProto client frameworks, boasting over 340,000 monthly downloads. By publishing lookalike packages with hidden backdoors, the attackers reached developers deploying Telegram bots on production servers and gained unconditional remote command execution (RCE) and full shell access on victim infrastructure.

Quick Answer / Emergency Check:

If you run Python-based Telegram bots, execute this command on your host immediately to check for the backdoor file:
find / -path "*/pyrogram/helpers/secret.py" 2>/dev/null
If this file exists, your system is compromised. For immediate directory assistance and to verify your integrations are secure, consult Telekit's Bot Directory Catalog.

What is Operation Navy Ghost?

Operation Navy Ghost is a supply chain and social engineering campaign that threat actors ran from November 2025 until late June 2026. Instead of taking over the original developer's account, the attackers created brand-new PyPI publisher profiles and uploaded highly convincing forks of the legitimate Pyrogram codebase. These forks included the standard files, READMEs, licensing information, and even links to a dedicated support channel, making them look highly credible to developers searching PyPI.

However, embedded within these packages was a malicious file named pyrogram/helpers/secret.py. This file does not exist in official releases. The backdoor activates only when the client detects that it is running on a bot account (the check is if self.me.is_bot); bot accounts typically run on high-value VPS servers with database access and API credentials.

The Compromised PyPI Packages

If your project's requirements.txt, pyproject.toml, or dependency lockfile contains any of the following packages, you must immediately treat your environment as compromised:

Malicious Package Name | Attack Window (Active Dates) | Backdoor Trigger Type | Risk Severity
vlife-gram / vlifegram | Nov 2025 - May 2026 | Import time (helpers/__init__.py) | CRITICAL
pyrogram-navy | Jan 2026 - Present | Bot client start (start.py) | CRITICAL
kelragram / pyrogram-kelra | Mar 2026 - May 2026 | Bot client start (start.py) | CRITICAL
pyrogram-styled / sepgram / pyrogram-zeeb | May 2026 - June 2026 | Bot client start (start.py) | CRITICAL
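The manifest check described above (requirements.txt, pyproject.toml or a lockfile naming one of these packages) is easy to automate as a CI gate. The following is an added example, not Telekit's or Checkmarx's code: it reads requirements-style text (also the format of pip freeze output and most lockfiles) and flags any requirement whose PEP 503-normalized name is in the table, so that spellings such as Vlife_Gram or VLIFEGRAM are caught as well as the exact names. The sample manifest at the bottom is constructed for illustration.

```python
"""CI gate: refuse manifests that name an Operation Navy Ghost package.

Added example (not Telekit's or Checkmarx's code). Blocklist = the table above.
"""
import re

# Package names from the table above.
NAVY_GHOST_PACKAGES = {
    "vlife-gram", "vlifegram", "pyrogram-navy", "kelragram",
    "pyrogram-kelra", "pyrogram-styled", "sepgram", "pyrogram-zeeb",
}

# A requirement line starts with the distribution name; everything after it
# (extras, version specifiers, markers, "@ url") is ignored here.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")
_URL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.'
    to a single '-', which is how PyPI itself compares names."""
    return re.sub(r"[-_.]+", "-", name).lower()


BLOCKLIST = {normalize(n) for n in NAVY_GHOST_PACKAGES}


def requirement_name(line: str):
    """Return the distribution name on a requirements line, or None for blank
    lines, comments, pip options (-r, -e, --index-url, ...) and bare URLs."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-") or _URL_RE.match(line):
        return None
    m = _NAME_RE.match(line)
    return m.group(1) if m else None


def scan_requirements(text: str) -> list:
    """Return (line_number, raw_line) for every blocklisted requirement."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        name = requirement_name(line)
        if name and normalize(name) in BLOCKLIST:
            hits.append((lineno, line.strip()))
    return hits


# Constructed sample manifest: two lookalikes hidden among legitimate pins.
SAMPLE_REQUIREMENTS = """\
# constructed example requirements.txt
pyrogram==2.0.106
TgCrypto>=1.2.5
Vlife_Gram==1.4.2          # differs from 'vlife-gram' only in case and underscore
-r base.txt
git+https://example.invalid/some-tool.git
pyrogram-zeeb ; python_version >= "3.8"
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REQUIREMENTS
    hits = scan_requirements(text)
    for lineno, line in hits:
        print(f"line {lineno}: blocklisted requirement: {line}")
    sys.exit(1 if hits else 0)
```

Run it as python check_manifest.py requirements.txt in the pipeline; a non-zero exit blocks the build. Normalizing before comparing matters because pip treats vlife_gram, vlife-gram and Vlife.Gram as the same distribution, so an exact-string blocklist would miss two of the three.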

The Weapon: Deep Dive into the Backdoor (secret.py)

Each malicious package contains an identical backdoor design within pyrogram/helpers/secret.py. The script defines a list of master attacker-controlled Telegram IDs (e.g., 327471892, 842320686, etc.). The backdoor registers two hidden message handlers:

  • /asu or /wann: Receives arbitrary Python code and runs it inside the bot's running process via exec(), giving the attacker control of the whole program and its memory.
  • /asi or /wann2: Executes shell commands on the server using subprocess.run() under the context of the running bot user.

Crucially, the data exfiltration occurs directly via Telegram. The backdoor captures the command output, packages it into a temporary text document, and uploads it to the attacker over the bot's own connection via message.reply_document(). As a result, no separate C2 traffic leaves the server, so standard firewall, DNS and HTTP blocklists never see the intrusion.

Below is a simplified layout of the malicious start.py modification used to load the backdoor invisibly:

# Buried in client initialization lifecycle
else:
    self.me = await self.get_me()
    try:
        import pyrogram.helpers.secret as secret
        if self.me.is_bot:
            secret.init_secret(self)
    except Exception:
        pass  # Silently suppress errors to keep developer unaware
    await self.initialize()
    return self

Step-by-Step Setup & Audit Guide to Detect and Clean Your System

Follow these detailed steps to audit your Python deployment, detect active infections, and completely secure your infrastructure from Operation Navy Ghost.

Step 1: Check Installed Packages in Your Local Environment

Execute the following commands in your project virtual environment to identify if any malicious packages are currently active:

# Run in terminal
pip show vlifegram vlife-gram kelragram pyrogram-navy pyrogram-styled sepgram pyrogram-zeeb pyrogram-kelra

If package details are printed for any of these names, your environment is actively running a backdoored package (pip show only emits a warning for names it cannot find).

Step 2: Scan Pip Installation Logs for Past Triggers

Even if the package is not installed now, audit the history of installations to check whether a developer previously pulled it. Note that pip keeps no install log by default: this file only exists on hosts where pip was run with --log (or a log path is set in pip.conf). If it is missing, rely on the environment check in Step 1 and the filesystem scan in Step 3 instead.

# Check Linux/macOS pip install histories (only present if pip logging was enabled)
grep -E "vlifegram|vlife-gram|kelragram|pyrogram-navy|pyrogram-styled|sepgram|pyrogram-kelra|pyrogram-zeeb" ~/.local/share/pip/pip.log

Step 3: Scan Server Filesystem for Injected Helpers

Perform a global scan of your Python library directories to search for the specific backdoor file secret.py:

# Search filesystem
find / -path "*/pyrogram/helpers/secret.py" 2>/dev/null
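Steps 1 and 3 can be run together from one script, which is useful when you manage several bot hosts. The following is an added example, not Telekit's or Checkmarx's tooling: it lists installed distributions whose normalized name is in the package table, walks directory trees for pyrogram/helpers/secret.py, and additionally flags any .py file inside a pyrogram package that references the backdoor (the import and the init_secret call shown in the start.py excerpt above), which catches a loader even if the secret.py module was renamed. The fixture builder creates a constructed, harmless stand-in tree for a self-test; no real package is installed.

```python
"""Host audit for Operation Navy Ghost indicators (added example, not the
project's or the researchers' code). Blocklist and indicator strings come
from the write-up above."""
import os
import re
import sys
import tempfile
from importlib import metadata

NAVY_GHOST_PACKAGES = {
    "vlife-gram", "vlifegram", "pyrogram-navy", "kelragram",
    "pyrogram-kelra", "pyrogram-styled", "sepgram", "pyrogram-zeeb",
}
# Strings the trojanized start.py uses to load the backdoor (from the excerpt above).
SOURCE_INDICATORS = ("pyrogram.helpers.secret", "init_secret")


def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'Vlife_Gram' matches 'vlife-gram'."""
    return re.sub(r"[-_.]+", "-", name).lower()


BLOCKLIST = {normalize(n) for n in NAVY_GHOST_PACKAGES}


def installed_blocklisted(names=None) -> list:
    """Step 1: blocklisted names among `names` (default: every distribution
    importlib.metadata can see in the current interpreter)."""
    if names is None:
        names = (d.metadata["Name"] for d in metadata.distributions())
    return sorted({normalize(n) for n in names if n and normalize(n) in BLOCKLIST})


def scan_tree(root: str) -> dict:
    """Step 3 plus a content check: return the backdoor modules and the
    pyrogram source files that reference it found under `root`."""
    backdoor_files, loader_files = [], []
    for dirpath, _dirs, files in os.walk(root):
        parts = dirpath.replace(os.sep, "/").split("/")
        if "pyrogram" not in parts:
            continue  # only inspect pyrogram package directories
        in_helpers = parts[-2:] == ["pyrogram", "helpers"]
        for fn in files:
            path = os.path.join(dirpath, fn)
            if fn == "secret.py" and in_helpers:
                backdoor_files.append(path)  # absent from official releases
                continue
            if not fn.endswith(".py"):
                continue
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            if any(ind in text for ind in SOURCE_INDICATORS):
                loader_files.append(path)  # e.g. a patched start.py
    return {"backdoor_files": sorted(backdoor_files), "loader_files": sorted(loader_files)}


def audit(roots=None) -> dict:
    """Run both checks; `roots` defaults to the existing directories on sys.path."""
    if roots is None:
        roots = [p for p in sys.path if p and os.path.isdir(p)]
    report = {"blocklisted_installed": installed_blocklisted(),
              "backdoor_files": [], "loader_files": []}
    for root in roots:
        found = scan_tree(root)
        report["backdoor_files"] += found["backdoor_files"]
        report["loader_files"] += found["loader_files"]
    report["compromised"] = bool(report["blocklisted_installed"]
                                 or report["backdoor_files"] or report["loader_files"])
    return report


def make_constructed_fixture() -> str:
    """Build a throwaway tree shaped like a trojanized install (constructed
    stand-in files for a self-test, not real malware)."""
    root = tempfile.mkdtemp(prefix="navy-ghost-fixture-")
    pkg = os.path.join(root, "site-packages", "pyrogram")
    os.makedirs(os.path.join(pkg, "helpers"))
    os.makedirs(os.path.join(pkg, "methods"))
    with open(os.path.join(pkg, "helpers", "secret.py"), "w") as fh:
        fh.write("def init_secret(client):\n    pass  # stand-in\n")
    with open(os.path.join(pkg, "methods", "start.py"), "w") as fh:
        fh.write("import pyrogram.helpers.secret as secret\n")
    with open(os.path.join(pkg, "client.py"), "w") as fh:
        fh.write("class Client:\n    pass\n")  # clean file, must not be flagged
    return root


if __name__ == "__main__":
    # Usage: python navy_ghost_audit.py [root ...]   (no args: audit sys.path)
    report = audit(sys.argv[1:] or None)
    for key in ("blocklisted_installed", "backdoor_files", "loader_files"):
        for item in report[key]:
            print(f"{key}: {item}")
    print("COMPROMISED" if report["compromised"] else "no Navy Ghost indicators found")
    sys.exit(1 if report["compromised"] else 0)
```

Run it inside the bot's virtual environment so importlib.metadata sees the same distributions the bot imports, and pass / (or the server's site-packages roots) as arguments to cover interpreters other than the one executing the script. A non-zero exit means at least one indicator was found and the remediation protocol in Step 4 applies.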

Step 4: Immediate Remediation Protocol

If an infection is identified, execute these emergency recovery steps in order:

  1. Terminate Bot Processes: Kill all active python processes running the Telegram bot immediately.
  2. Regenerate Bot Token: Message @BotFather on Telegram, select your bot, and execute the Revoke Token option. This invalidates all active sessions.
  3. Clean PyPI Dependencies: Uninstall every package from the table above and reinstall the official, verified version:
    pip uninstall -y pyrogram-navy vlifegram vlife-gram kelragram pyrogram-kelra pyrogram-styled sepgram pyrogram-zeeb
    pip install --force-reinstall pyrogram
  4. Rotate Secret Keys: Rotate all database passwords, API credentials, and cloud provider keys (AWS/GCP) stored in your bot's .env file or environment variables, as the attacker likely exfiltrated them.
  5. Check Persistence Mechanisms: Audit your host cron jobs (crontab -l) and SSH authorized keys (cat ~/.ssh/authorized_keys) to ensure the attacker did not install a persistent shell backdoor.

Frequently Asked Questions (FAQ)

Can standard firewalls block the Navy Ghost C2 channel?

No. Because the backdoor uses the official Telegram Bot API (via message.reply_document()) to send and receive commands, the outbound and inbound connections are directed to official Telegram IP ranges. You cannot block the C2 without blocking all Telegram traffic to and from your server.

Why did the malware target bot accounts exclusively?

The check if self.me.is_bot explicitly singles out bot accounts rather than userbot (user account) sessions. Threat actors targeted bot accounts because they are typically hosted on cloud VPS servers, run 24/7, and hold critical credentials such as payment gateway APIs, database connection strings, and cloud access keys.

Are other popular forks like Pyrofork or Hydrogram safe?

Yes. Known forks such as Hydrogram or Pyrofork are open-source and managed by reputable developers. Always ensure you audit the publisher's PyPI profile and compare files against upstream code before installing any custom package fork.

Conclusion

The Operation Navy Ghost campaign highlights the growing sophistication of open-source supply chain attacks. By leveraging lookalike packaging and utilizing Telegram itself as a stealth C2 channel, the threat actors remained undetected for months. Bot developers must remain vigilant, audit active dependencies, and configure strict security scanners inside CI/CD pipelines. Ensure you verify your environment, keep your dependencies pinned to official releases, and build securely.
