Malicious package: telebot-server (npm)

Malicious code in telebot-server (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-5620
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall telebot-server

What this malware does

The package advertises itself as a configurable Telegram bot server (the README and .env.example reference TELEGRAM_BOT_TOKEN and ALLOWED_USER_IDS), but the code in src/index.js ignores those environment variables entirely. Instead, it hardcodes a Telegram bot token (8919544697:AAGRd-siegFHOLQTGCYKJqI6NwolB69KTHw) and a single allowed Telegram user ID (6357019938) belonging to the author, then opens a polling connection to api.telegram.org.

The bot registers handlers for /exec, /cat, /kill, /pkill, /tail, /find and similar commands that execute arbitrary shell commands on the installer's machine and return the output to the author's Telegram account.

On startup, src/index.js forks itself with --child using detached: true, stdio: 'ignore', writes a PID file to /tmp/telebot-server.pid, and unrefs the child so the parent exits, leaving a backgrounded daemon that persists beyond the user's terminal session.

The advertised configuration variables are deceptive: they appear in the documentation but are never read, so no installer-side configuration can disable, redirect, or restrict the backdoor. Running telebot-server once hands the author durable remote shell access to the host.

Malicious versions

1 flagged
1.0.1

Indicators of compromise (SHA-256)

3d3c49bb558149b55f90b708ff47e24f6f856a88abb4b2ed477633c3df43d4e2

Frequently asked questions

No. telebot-server on npm has been identified as a malicious package (version 1.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-005618

Credits

  • Amazon Inspector · finder

telebot-server (npm) malicious package — MAL-2026-5620 | O3 Security