Cybersecurity researchers have uncovered three malicious packages within the npm registry that masquerade as a preferred Telegram bot library however harbor SSH backdoors and knowledge exfiltration capabilities.
The packages in query are listed under –
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
In response to provide chain
