Incident detail

criticalpypi·credential theft·osv

Malicious code in telegram-lite-grabber (PyPI)

Published Jun 17, 2026, 07:09 AM

Risk score

Indexed incident for telegram-lite-grabber (pypi).

Package exfiltrates data from the Telegram application to a remote location, effectively collecting Telegram sessions.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-telegramlite

Reasons (based on the campaign):

Affected versions

=1.0.0

Indicators

Timeline