By embedding a stealthy runtime backdoor, the package allowed threat actors to execute arbitrary code and shell commands directly on victim machines.
The pyronut package was designed as a trojanized fork of pyrogram, a popular Telegram framework that receives approximately 370,000 monthly downloads.
The threat actors did not rely on accidental typosquatting. Instead, they copied the entire upstream project description verbatim and provided an unreachable GitHub repository URL.
This suggests the malicious package was actively promoted through social engineering channels such as Telegram community groups and developer forums.
Endor Labs researchers identified three malicious versions of Pyronut on March 18, 2026, the same day they were published. Thanks to swift community vigilance, the packages were quickly quarantined, minimizing the attack window to just a few hours.
Unlike typical malicious packages that execute their payloads immediately upon installation, Pyronut employed a stealthy runtime execution strategy.
# pyrogram/methods/utilities/start.py (Lines 73-78)
self.me = await self.get_me()
try:
    # Silently load the hidden backdoor module; any failure is swallowed below.
    import pyrogram.helpers.secret as secret
    secret.init_secret(self)
except Exception:
    pass

The threat actor modified the core client’s startup method to silently import a hidden backdoor module from the secret.py file.
The activation was wrapped in an exception-handling block, so if the backdoor failed to initialize the error was ignored and the application kept working normally. Because nothing runs at install time, the package slipped past standard install-time security checks.
Once active, the pyronut backdoor provided the attackers with dual Remote Code Execution capabilities. The first attack vector utilized the /e command, which leveraged the meval library to execute arbitrary Python code inside the running Telegram client.
This access allowed the attacker to silently read messages, download media, access contacts, and invoke raw Telegram API methods using the victim’s session.
The second attack vector utilized the /shell command to pass user-supplied input directly to the host machine’s bash shell. This granted unrestricted operating system access, enabling the attackers to steal credentials, exfiltrate data, and establish persistence.
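The two traits described above, a startup hook that imports a helper inside a try/except that swallows every error, and handlers that hand input to eval or to a shell, are both visible in the package source. The following scanner is an added example, not code from the article or from Endor Labs; it walks a module's AST and reports both patterns for review, using a constructed sample that mirrors the quoted start() hook (the on_shell handler is likewise constructed, not the real backdoor).

```python
import ast

EVAL_BUILTINS = {"eval", "exec"}
SHELL_MODULES = {"os", "subprocess"}
SHELL_FUNCS = {"system", "popen", "run", "call", "check_output", "Popen"}

def silent_imports(tree):
    # (lineno, module) for imports inside a try whose handler is a bare `pass`.
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Try):
            continue
        if not any(len(h.body) == 1 and isinstance(h.body[0], ast.Pass) for h in node.handlers):
            continue
        for stmt in node.body:
            if isinstance(stmt, ast.Import):
                hits += [(stmt.lineno, a.name) for a in stmt.names]
            elif isinstance(stmt, ast.ImportFrom):
                hits.append((stmt.lineno, stmt.module or ""))
    return hits

def exec_calls(tree):
    # (lineno, qualified name) for eval/exec and os/subprocess execution calls.
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if isinstance(f, ast.Name) and f.id in EVAL_BUILTINS:
            hits.append((node.lineno, f.id))
        elif (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
              and f.value.id in SHELL_MODULES and f.attr in SHELL_FUNCS):
            hits.append((node.lineno, f"{f.value.id}.{f.attr}"))
    return hits

def scan_source(src, filename="<string>"):
    tree = ast.parse(src, filename)
    return {"silent_imports": silent_imports(tree), "exec_calls": exec_calls(tree)}

# Constructed sample (not the real package): the quoted start() hook plus a handler to surface.
SAMPLE_PY = """
async def start(self):
    self.me = await self.get_me()
    try:
        import pyrogram.helpers.secret as secret
        secret.init_secret(self)
    except Exception:
        pass
def on_shell(cmd):
    return subprocess.run(cmd, shell=True, capture_output=True).stdout
"""
```

To sweep an installed environment, call scan_source on each file from Path(site_packages).rglob("*.py"); a swallowed import of a module that does not exist upstream, or a shell call in a message handler, is the cue to diff the package against the upstream release.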
Organizations and developers who may have been exposed to Pyronut during its brief availability must take immediate incident response actions. All active Telegram sessions must be terminated, and any associated bot API tokens should be revoked.
Because the attackers possessed arbitrary shell execution capabilities, developers must assume that all local credentials, environment variables, SSH keys, and database passwords accessible to the Python process have been compromised.
These secrets must be rotated immediately. Finally, the malicious package should be uninstalled, and the affected virtual environments must be completely rebuilt from a clean, verified state.
To prevent similar supply chain attacks, developers should rigorously vet project repositories, enforce lockfiles with cryptographic hash checking, and use robust software composition analysis tools.
The post Pyronut Package Found Backdooring Telegram Bots For Remote Code Execution appeared first on Cyber Security News.