MAL-2026-6516

See a problem?
Import Source
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/inlifegram/MAL-2026-6516.json
JSON Data
https://api.osv.dev/v1/vulns/MAL-2026-6516
Published
2026-06-26T10:50:08Z
Modified
2026-06-26T12:26:02.495677135Z
Summary
Malicious code in inlifegram (PyPI)
Details

-= Per source details. Do not edit below this line.=-

Source: kam193 (9e2d3483845391abac4b854096ffc1c7767818f9e2b02486d969ee2be0638dc9)

The modified version of a Telegram bot library. The obfuscated code, launched when the user starts their own bot application, attaches malicious backdoor commands to the Telegram bot. They allow hardcoded users to execute any commands in the bot's environment.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-inlifegram

Reasons (based on the campaign):

  • clones-real-package

  • obfuscation

  • The package contains code to execute remote commands (probably limited to a specific set) on the victim's machine.

  • rat

  • target:telegram

  • action-hidden-in-lib-usage

  • backdoor

Database specific 
{
    "malicious-packages-origins": [
        {
            "versions": [
                "2.1.2.8",
                "2.1.2.9"
            ],
            "modified_time": "2026-06-26T10:50:08.993957Z",
            "sha256": "9e2d3483845391abac4b854096ffc1c7767818f9e2b02486d969ee2be0638dc9",
            "id": "pypi/2026-06-inlifegram/inlifegram",
            "source": "kam193",
            "import_time": "2026-06-26T11:54:37.154560125Z"
        }
    ]
}
References
Credits

Affected packages

PyPI / inlifegram

Package

Name
inlifegram
View open source insights on deps.dev
Purl
pkg:pypi/inlifegram

Affected ranges

Affected versions

2.*
2.1.2.8
2.1.2.9

Database specific

source 
"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/pypi/inlifegram/MAL-2026-6516.json"