MAL-2025-630

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/telegramclient-utils/MAL-2025-630.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2025-630
Published
2025-01-30T16:04:49Z
Modified
2025-01-30T16:04:49Z
Summary
Malicious code in telegramclient-utils (npm)
Details

This package adds the attacker's public SSH key to the user's authorized_keys file, creating a backdoor.

Database specific
{
    "malicious-packages-origins": null
}
References
Credits

Affected packages

npm / telegramclient-utils

Package

Name
telegramclient-utils
View open source insights on deps.dev
Purl
pkg:npm/telegramclient-utils

Affected ranges

Affected versions

2.*

2.26.16
2.26.17