-= Per source details. Do not edit below this line.=-
The library's sole authorization primitive, CustomFilters.authorize() in d4rk/Utils/filters.py, OR's the installer-supplied ownerid and sudo_users list with a hardcoded Telegram user ID 7859877609 (lines 48-53). Any developer who installs this package to build a Telegram bot and uses the library's advertised authorize() filter to gate owner/admin commands silently grants Telegram account 7859877609 the same privileges as the bot's declared owner — including whatever privileged actions the bot exposes (admin commands, sudo commands, shell-style handlers common in Telegram bot frameworks). The bypass is not documented, cannot be disabled through configuration, and is reachable through normal use of the library's public API. This is a hidden persistent-access backdoor against the installer's deployed bot, not author self-harm: the harm flows from the installer to an account under the package author's (or a third party's) control.
{
"malicious-packages-origins": [
{
"sha256": "3348d9f4bb35442b1de902c35ca46292f9336a8f83ac8deb7e870b2cd6af9019",
"id": "IN-MAL-2026-002624",
"source": "amazon-inspector",
"import_time": "2026-05-13T20:11:02.997258114Z",
"modified_time": "2026-05-13T05:33:46Z",
"versions": [
"1.2.7"
]
}
]
}{
"evidence_files": [
{
"path": "d4rk/Utils/_filters.py",
"tlsh": "bb51bc029d8e703109728eceecaaa013f63c4647699e1125fdbc42797f754e8c7b4a69",
"sha256": "e114c93fbfdd3c549ba56d08e2c98d90479875eacf8248a7e5256f8abeceb4e7"
}
],
"package_integrity": [
{
"filename": "d4rktg-1.2.7-py3-none-any.whl",
"hashes": {
"md5": "303a194bd545221a822538ff5d414222",
"blake2b_256": "210c03bc7fddc03bce10cc68b537751ec29a46f6f4585e2f3623abedac9c48ee",
"sha256": "ef1ff0ae0167416aebf4b7dde819f6e2b84c07b8140c25f4921fe98adcea4118"
}
},
{
"filename": "d4rktg-1.2.7.tar.gz",
"hashes": {
"md5": "fae35a3462d752a9923bda99f738becc",
"blake2b_256": "4bdfcb2242c503d0759d52f727a03aff56e77fd3c5f31d02738d5ba5da983d3e",
"sha256": "6b2752bd41042cebf83f206ef8403685fbe9362376a4f668a8834fb235c41294"
}
}
]
}
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/d4rktg/MAL-2026-3688.json"
[
{
"description": "The product contains code that appears to be malicious in nature.",
"cweId": "CWE-506",
"name": "Embedded Malicious Code"
}
]