Operation Navy Ghost: How Attackers Planted a Telegram-Powered Backdoor Across Fake pyrogram Packages on PyPI - Checkmarx
A threat actor targeted Telegram bot developers adopting the popular ‘pyrogram’ package on PyPI over the course of six months starting November 2025, in Operation Navy Ghost. This malware is a complete backdoor on servers where infected bots are operated, and uses Telegram itself for C2 and data exfiltration. Learn how it works, how it sneaks by most scanners, and how to detect infections.
Pavan Gudimalla
Application Security Analyst
June 25, 2026
This document © Checkmarx, all rights reserved.
A Telegram-related Library That Sees 347,000 Installs Every Month
If you build Telegram bots in Python, you almost certainly know pyrogram; and you should be aware that a malware campaign we’re calling Operation Navy Ghost is targeting developers who adopt pyrogram and related modules as a dependency.
It is one of the most popular Telegram MTProto client libraries in the Python ecosystem: a clean, modern, async-first library that has become trusted by developers worldwide. Its numbers speak for themselves:
11,645 downloads in a single day
79,504 downloads in a single week
347,395 downloads every month: enough to be worth an attacker’s time, not so much that it’s likely to attract significant attention from researchers.
Between November 2025 and June 2026, a threat actor (likely a small group operating under multiple identities) published at least eight separate trojan-infected pyrogram forks to PyPI. Each one looked like a legitimate pyrogram variant but carried a hidden backdoor that gives the attacker full remote control over any server running the infected package.
The attackers took the legitimate pyrogram source code, added a hidden file that acts as a backdoor, packaged it under slightly different names, and published it to PyPI (Python Package Index).
We are calling this campaign Operation Navy Ghost due to its attempt to bait developers by claiming to be a “Navy fork” of pyrogram.
Defensive Actions for Operation Navy Ghost
Here’s what you need to know to defend your organization:
These packages have been removed from PyPI; however, they may be present in private package registries (like your Artifactory), cached on developer workstations, included in third-party applications, etc.
Exfiltration / C2 (Command and Control) occurs via Telegram. If your org uses or is unwilling to block Telegram itself, block the attacker’s Telegram channel: "https[:]//TokoWann[.]t[.]me/2" and attacker Telegram user IDs: "842320686", "845521076", "1675073032", "1054295664", "1928772230", "6710439195", "984144778", "1992087933", "7028669261", "6321616956", "278475769", "1964437366", "327471892", "5092757079", "273057737", "8721707252" (NOTE: Telegram’s architecture generally makes it impossible to block specific channels/users at the network level; this type of blocking is only possible at an application level, and therefore likely only applies to automation or other clients you fully control.)
Search your infrastructure, including third-party application footprint, for these packages or indicators of compromise
Checkmarx customers can use their Global Inventory to assess the presence of these packages in their organization’s first-party applications
Use YARA or a similar tool to examine desktops and deployed applications for affected files (see below for detection options and a basic YARA rule for this campaign)
Meet the Five Packages
Here is a summary of every malicious package discovered in this campaign:
| Package | Author (PyPI) | First Published | Versions | Downloads | Status |
| --- | --- | --- | --- | --- | --- |
| VLifeGram | wndrzzka | November 24th, 2025 | | 4,150 | Taken down |
| VLife-Gram | wndrzzka | November 22nd, 2025 | | 1,030 | Taken down |
| kelragram | narutorawr18 | May 6th, 2026 | | 2,530 | Taken down |
| pyrogram-navy | deylin | January 10th, 2026 | 16+ | 15,370 | Taken down |
| pyrogram-styled | deylin | May 15th, 2026 | | 432 | Taken down |
| sepgram | deylin | June 7th, 2026 | | 1,041* | Reported |
| pyrogram-zeeb | deylin | February 7th, 2026 | | 264 | Taken down |
| pyrogram-kelra | deylin | March 21st, 2027 | | 672* | Reported |
Most packages have now been taken down from PyPI thanks to our reports. But the damage window — across multiple months and dozens of versions — means any organization or developer that installed one of these during that period should treat their environment as compromised.
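One way to run that search over Python environments and dependency manifests, as an added example that is not part of the Checkmarx write-up or tooling: it matches the package names from the table above against installed distributions and requirements-style files, using PEP 503 name normalization so that spelling variants pip treats as identical are also caught. The function names and the sample requirements text are assumptions made for illustration.

```python
import re
from importlib import metadata

# Package names exactly as listed in the table on this page.
LISTED = ["VLifeGram", "VLife-Gram", "kelragram", "pyrogram-navy",
          "pyrogram-styled", "sepgram", "pyrogram-zeeb", "pyrogram-kelra"]

def normalize(name):
    """PEP 503 form: pip treats VLife_Gram, vlife.gram and VLife-Gram as one name."""
    return re.sub(r"[-_.]+", "-", name).lower()

FLAGGED = {normalize(n) for n in LISTED}
# Leading project name of a requirements-style line ("name==1.0", "name[x]>=2").
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")

def scan_requirements(text):
    """Return (line_number, name) for every requirement naming a listed package."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = _REQ.match(line.split("#", 1)[0])  # ignore trailing comments
        if match and normalize(match.group(1)) in FLAGGED:
            hits.append((number, match.group(1)))
    return hits

def scan_installed(paths=None):
    """Return (name, version) for listed packages installed under `paths`
    (site-packages directories); default is the running interpreter's sys.path."""
    kwargs = {"path": [str(p) for p in paths]} if paths else {}
    hits = []
    for dist in metadata.distributions(**kwargs):
        meta = dist.metadata
        name = meta.get("Name") if meta is not None else None
        if name and normalize(name) in FLAGGED:
            hits.append((name, dist.version))
    return sorted(hits)

# Constructed sample input, not taken from a real project.
SAMPLE_REQUIREMENTS = """\
pyrogram>=2.0
Pyrogram_Navy>=1.0   # "navy fork"
# sepgram
vlife.gram
requests
"""

if __name__ == "__main__":
    print("requirements hits:", scan_requirements(SAMPLE_REQUIREMENTS))
    print("installed hits:", scan_installed())
```

Pass `scan_installed` the site-packages directories of other virtual environments or unpacked container images to check them without activating them; a hit in a private registry mirror or pip cache still needs a separate file-level search.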
How to Check If You Were Affected by Operation Navy Ghost
One of your first concerns should be whether your own developers consumed any of these packages. Checkmarx...